Bug 1305652 - Proxy server configuration improvement suggestion
Proxy server configuration improvement suggestion
Status: NEW
Product: Spacewalk
Classification: Community
Component: Proxy Server (Show other bugs)
x86_64 Linux
unspecified Severity low
: ---
: ---
Assigned To: Tomáš Kašpárek
Red Hat Satellite QA List
Depends On:
  Show dependency treegraph
Reported: 2016-02-08 15:16 EST by Bartek Rekke
Modified: 2016-02-08 15:16 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bartek Rekke 2016-02-08 15:16:19 EST
Description of problem:

Proxy server is being installed with a rules that allows only localhost as a source but does not limit destination addresses. Destination address can be limited by RHN_PARENT variable which have to be defined before installation. In current configuration user have to create own acl to allow connections from his network. When one is not careful enough it is fairly easy to create open proxy. Moreover spacewalk proxy should rather be used as dedicated rpm proxy, not ordinary www proxy. 

How reproducible:

On every installation.

Steps to Reproduce:
1. Install.
2. Find out that only localhost can connect proxy.
3. Create Your own acl for Your local subnet.
4. Be carefree and do not limit destinations or do not implement authorisation.

Actual results:
It is easy to make open proxy.

Expected results:
Add one or two simple rules will do the job.

Additional info:

Note You need to log in before you can comment on or make changes to this bug.