Description of problem:

https://capsule:8443/ reverse proxies into the Satellite UI.

1. This opens up the Satellite UI to all clients that Capsule is deployed in, which has security implications.
2. There is no mention of this in the documentation. Documentation only mentions this for Client to Capsule communication:

   8443 TCP HTTPS Subscription Management Services and Telemetry Services

28-katello-reverse-proxy.conf:

<VirtualHost *:8443>
    ServerName sat6-capsule1.example.com

    ## Proxy rules
    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyPass / https://sat6.example.com/
    ProxyPassReverse / /
    ProxyPassReverse / https://sat6.example.com/
</VirtualHost>

Expected Result:
- Capsule should not give users indirect access to the Satellite UI at all.
We have assessed this BZ and there are a few considerations. The reverse proxy on the Capsule grants both UI and API access which in our view has the same security implications. In order to lock down just to the API we would have to build an access list of *all* API paths needed in order to not break functionality. Given there is no single rooted endpoint this is difficult and has the potential to miss an endpoint and break functionality. Additionally, some users see this as a feature that they use in order to access the application from clients or the Capsule itself. Given all of this, it is our recommendation that we close this BZ as wontfix. We would then opt to address https://bugzilla.redhat.com/show_bug.cgi?id=1743839 .
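To make the trade-off described in the comment above concrete, the following is an added illustration (it is not the shipped Katello template and not a fix the project endorses) of the open variant quoted in the report next to an allow-list variant of 28-katello-reverse-proxy.conf. The two vhosts are shown side by side only for comparison; a real configuration would contain one of them. The path prefixes in the second vhost are placeholders assumed for illustration, not a verified list of the API paths Satellite clients need, and as the comment notes, any prefix missing from such a list breaks that functionality for clients that go through the Capsule.

```apache
# Open variant (what the bug report quotes): every path on the Capsule's
# port 8443 is forwarded to Satellite, so the web UI is reachable as well
# as the subscription and telemetry APIs.
<VirtualHost *:8443>
    ServerName sat6-capsule1.example.com
    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyPass / https://sat6.example.com/
    ProxyPassReverse / /
    ProxyPassReverse / https://sat6.example.com/
</VirtualHost>

# Allow-list variant (added illustration, not the project's template):
# only the listed prefixes are forwarded; anything else, including the UI
# at /, is refused by this vhost and never reaches Satellite.
# PLACEHOLDER_API_PREFIX_1 and _2 are placeholders, not real Satellite paths.
<VirtualHost *:8443>
    ServerName sat6-capsule1.example.com
    ProxyRequests Off
    ProxyPreserveHost Off

    # Deny everything by default; the per-prefix <Location> blocks below
    # are more specific and therefore override this for allowed paths.
    <Location "/">
        Require all denied
    </Location>

    # ProxyPass rules are checked in configuration order; first match wins.
    # There is deliberately no catch-all "ProxyPass /" in this vhost.
    ProxyPass        "/PLACEHOLDER_API_PREFIX_1/" "https://sat6.example.com/PLACEHOLDER_API_PREFIX_1/"
    ProxyPassReverse "/PLACEHOLDER_API_PREFIX_1/" "https://sat6.example.com/PLACEHOLDER_API_PREFIX_1/"
    <Location "/PLACEHOLDER_API_PREFIX_1/">
        Require all granted
    </Location>

    ProxyPass        "/PLACEHOLDER_API_PREFIX_2/" "https://sat6.example.com/PLACEHOLDER_API_PREFIX_2/"
    ProxyPassReverse "/PLACEHOLDER_API_PREFIX_2/" "https://sat6.example.com/PLACEHOLDER_API_PREFIX_2/"
    <Location "/PLACEHOLDER_API_PREFIX_2/">
        Require all granted
    </Location>
</VirtualHost>
```

The allow-list form makes the maintainers' objection visible in the configuration itself: every endpoint a client needs has to appear twice (a ProxyPass pair and a Location grant), and a request for any prefix that was forgotten is denied at the Capsule rather than forwarded, which is exactly the breakage the comment warns about.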