Bug 1305652

Summary: Proxy server configuration improvement suggestion
Product: [Community] Spacewalk
Reporter: Bartek Rekke <bojleros>
Component: Proxy Server
Assignee: Michael Mráka <mmraka>
Status: CLOSED EOL
QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: low
Docs Contact:
Priority: unspecified
Version: 2.4
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-10-21 13:12:14 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Bartek Rekke 2016-02-08 20:16:19 UTC
Description of problem:

The proxy server is installed with rules that allow only localhost as a source but do not limit destination addresses. The destination address can be limited by the RHN_PARENT variable, which has to be defined before installation. In the current configuration the user has to create his own ACL to allow connections from his network. When one is not careful enough, it is fairly easy to create an open proxy. Moreover, the Spacewalk proxy should rather be used as a dedicated RPM proxy, not an ordinary WWW proxy.

How reproducible:

On every installation.

Steps to Reproduce:
1. Install.
2. Find out that only localhost can connect to the proxy.
3. Create your own ACL for your local subnet.
4. Be carefree and do not limit destinations or do not implement authorisation.

Actual results:
It is easy to make an open proxy.

Expected results:
Adding one or two simple rules will do the job.

Additional info:
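
The following is an added example, not part of the original report or of Spacewalk's own code: a small auditor that lists Squid `http_access allow` rules that neither limit the destination nor require authentication, which is the condition described above. It assumes the proxy's ACLs live in a Squid-style `squid.conf`; both sample configurations, the subnet and the host name `spacewalk.example.com` (a placeholder for the RHN_PARENT value) are constructed.

```python
# Added example: audit Squid http_access rules for allow rules that restrict
# neither the destination nor require authentication (the open-proxy risk).
DEST_TYPES = {"dst", "dstdomain", "dstdom_regex", "url_regex", "urlpath_regex"}
AUTH_TYPES = {"proxy_auth", "proxy_auth_regex"}

# Constructed sample: a hand-added subnet ACL with no destination limit.
WEAK_CONF = """
acl localnet src 192.168.10.0/24
http_access allow localhost
http_access allow localnet
http_access deny all
"""

# Constructed sample: same subnet, but only the parent server is reachable.
# spacewalk.example.com is a placeholder for the RHN_PARENT value.
HARDENED_CONF = """
acl localnet src 192.168.10.0/24
acl rhn_parent dstdomain spacewalk.example.com
http_access allow localhost rhn_parent
http_access allow localnet rhn_parent
http_access deny all
"""

def parse(conf):
    """Return (acl name -> set of types, ordered list of (action, acl refs))."""
    acl_types, rules = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split()
        if len(line) >= 3 and line[0] == "acl":
            acl_types.setdefault(line[1], set()).add(line[2])
        elif len(line) >= 2 and line[0] == "http_access":
            rules.append((line[1], line[2:]))
    return acl_types, rules

def unrestricted_allows(conf):
    """List allow rules with no positive destination or auth ACL."""
    acl_types, rules = parse(conf)
    findings = []
    for action, refs in rules:
        if action != "allow":
            continue
        types = set()
        for ref in refs:
            if not ref.startswith("!"):   # a negated ACL is a deny-list, not a limit
                types |= acl_types.get(ref, set())
        if not types & (DEST_TYPES | AUTH_TYPES):
            findings.append("http_access allow " + " ".join(refs))
    return findings
```

The check looks at each allow rule in isolation and does not model earlier `http_access deny` rules, so a configuration that restricts destinations with a preceding deny will still be listed and needs a manual look.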

Comment 1 Michael Mráka 2019-10-21 13:12:14 UTC
Spacewalk 2.8 (and older) has already reached its End Of Life.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before end of life. If you would still like
to see this bug fixed and are able to reproduce it against current version
of Spacewalk 2.9, you are encouraged to change the 'version' and re-open it.