Red Hat Bugzilla – Bug 1305652
Proxy server configuration improvement suggestion
Last modified: 2016-02-08 15:16:19 EST
Description of problem:
Proxy server is being installed with a rules that allows only localhost as a source but does not limit destination addresses. Destination address can be limited by RHN_PARENT variable which have to be defined before installation. In current configuration user have to create own acl to allow connections from his network. When one is not careful enough it is fairly easy to create open proxy. Moreover spacewalk proxy should rather be used as dedicated rpm proxy, not ordinary www proxy.
On every installation.
Steps to Reproduce:
2. Find out that only localhost can connect proxy.
3. Create Your own acl for Your local subnet.
4. Be carefree and do not limit destinations or do not implement authorisation.
It is easy to make open proxy.
Add one or two simple rules will do the job.