Bug 430191 - TurboGears should only listen on localhost in the production config
Summary: TurboGears should only listen on localhost in the production config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: WebUI
Version: 1.0
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: freeipa10 429034
TreeView+ depends on / blocked
 
Reported: 2008-01-25 03:55 UTC by Rob Crittenden
Modified: 2015-01-04 23:30 UTC (History)
1 user (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Clone Of:
Environment:
Last Closed: 2012-03-27 07:13:21 UTC
Embargoed:

Attachments (Terms of Use)
listen only on localhost (851 bytes, patch)
2008-01-25 15:18 UTC, Rob Crittenden 		no flags Details | Diff
View All

Description Rob Crittenden 2008-01-25 03:55:35 UTC 
The TurboGears UI is supposed to be hidden behind Apache so we can do kerberos
SSO authentication. We don't want people going to the server directly so it
should only listen on localhost.

The fix is to add the following to ipa_webgui.cfg:

server.server_port = 8080
server.socket_host="127.0.0.1"
Comment 1 Rob Crittenden 2008-01-25 15:18:02 UTC 
Created attachment 292947 [details]
listen only on localhost
Comment 2 Yi Zhang 2008-05-28 17:09:29 UTC 
QA Verified on May 28, 2008 (Yi)

Build used: May 28, 2008 (i386)

file location:
/usr/share/ipa/ipa_webgui.cf
Note You need to log in before you can comment on or make changes to this bug.