Bug 1305652 - Proxy server configuration improvement suggestion
Summary: Proxy server configuration improvement suggestion
Keywords:
Status: CLOSED EOL
Alias: None
Product: Spacewalk
Classification: Community
Component: Proxy Server
Version: 2.4
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Michael Mráka
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-02-08 20:16 UTC by Bartek Rekke
Modified: 2019-10-21 13:12 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-10-21 13:12:14 UTC
Embargoed:



Description Bartek Rekke 2016-02-08 20:16:19 UTC
Description of problem:


The proxy server is installed with rules that allow only localhost as a source but do not limit destination addresses. The destination address can be limited by the RHN_PARENT variable, which has to be defined before installation. In the current configuration the user has to create his own ACL to allow connections from his network. When one is not careful enough, it is fairly easy to create an open proxy. Moreover, the Spacewalk proxy should rather be used as a dedicated RPM proxy, not an ordinary WWW proxy.




How reproducible:

On every installation.

Steps to Reproduce:
1. Install.
2. Find out that only localhost can connect to the proxy.
3. Create your own ACL for your local subnet.
4. Be carefree and do not limit destinations or do not implement authorisation.

Actual results:
It is easy to make an open proxy.

Expected results:
Adding one or two simple rules will do the job.

Additional info:
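
Added example (not part of this report and not Spacewalk code): a small audit of the misconfiguration described above. It assumes the proxy rules are written as Squid-style `acl` / `http_access` directives; the function name, the sample subnet and the hostname standing in for RHN_PARENT are all hypothetical.

```python
DEST_TYPES = {"dst", "dstdomain", "dstdom_regex"}   # limit where requests may go
AUTH_TYPES = {"proxy_auth", "proxy_auth_regex"}     # require a login
LOOPBACK = {"127.0.0.1", "127.0.0.1/32", "127.0.0.0/8", "::1"}

# Constructed samples; the subnet and hostname are placeholders.
OPEN_CONF = """\
acl localnet src 192.168.10.0/24
http_access allow localhost
http_access allow localnet
http_access deny all
"""
LIMITED_CONF = """\
acl localnet src 192.168.10.0/24
acl rhn_parent dstdomain spacewalk.example.com  # stands in for RHN_PARENT
http_access deny !rhn_parent
http_access allow localnet
http_access deny all
"""

def find_open_allow_rules(conf_text):
    """Return (line_no, rule) for each 'http_access allow' that admits
    non-loopback clients with no destination limit and no authentication."""
    acl_type = {"all": "src", "localhost": "src"}            # Squid built-ins
    acl_vals = {"all": {"0.0.0.0/0"}, "localhost": set(LOOPBACK)}
    dest_locked = False   # set by an earlier 'http_access deny !<dst acl>'
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()                   # drop comments
        if len(tok) >= 3 and tok[0] == "acl":
            acl_type[tok[1]] = tok[2]
            acl_vals.setdefault(tok[1], set()).update(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            action, names = tok[1], tok[2:]
            positive = [n for n in names if not n.startswith("!")]
            if action == "deny":
                if names == ["all"]:
                    break                     # nothing after this is reachable
                if (len(names) == 1 and names[0].startswith("!")
                        and acl_type.get(names[0][1:]) in DEST_TYPES):
                    dest_locked = True        # only that destination survives
                continue
            limited = dest_locked or any(
                acl_type.get(n) in DEST_TYPES | AUTH_TYPES for n in positive)
            loopback_only = any(
                acl_type.get(n) == "src" and acl_vals.get(n)
                and acl_vals[n] <= LOOPBACK for n in positive)
            if not (limited or loopback_only):
                findings.append((no, " ".join(tok)))
    return findings
```

`find_open_allow_rules(OPEN_CONF)` reports the subnet rule from step 3 of the report, while `LIMITED_CONF` passes because a single deny rule pins every request to the parent server.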

Comment 1 Michael Mráka 2019-10-21 13:12:14 UTC
Spacewalk 2.8 (and older) has already reached its End Of Life.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before end of life. If you would still like
to see this bug fixed and are able to reproduce it against current version
of Spacewalk 2.9, you are encouraged to change the 'version' and re-open it.

