Bug 844386 - [rhevm-webadmin] - Webadmin - Port 80 (http) should be blocked for http://ip/webadmin access
[rhevm-webadmin] - Webadmin - Port 80 (http) should be blocked for http://ip/...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-webadmin-portal (Show other bugs)
3.1.0
Unspecified Unspecified
urgent Severity medium
: ---
: ---
Assigned To: Alon Bar-Lev
Tomas Dosek
integration
: Regression
: 834421 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-30 09:04 EDT by David Botzer
Modified: 2015-09-22 09 EDT (History)
11 users (show)

See Also:
Fixed In Version: si15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-04 15:06:14 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Botzer 2012-07-30 09:04:47 EDT
Description of problem:
The port 80 webadmin access should be blocked

Version-Release number of selected component (if applicable):
3.1/si12

How reproducible:
always

Steps to Reproduce:
1.install rhevm
2.Connect to rhevm using the link - http://ip:<http port>/webadmin
  
Actual results:
Aloow access using http to webadmin

Expected results:
Should be blocked
User should be allowed to welcome page (Portal) and from redirect to webadmin via SSL

Additional info:
Comment 1 Itamar Heim 2012-07-31 07:18:48 EDT
webadmin, userportal, api and reports should require ssl.
need to handle both apache and no apache use cases (or always use apache).
Comment 3 Ofer Schreiber 2012-07-31 10:49:11 EDT
service side fix available at http://gerrit.ovirt.org/#/c/6795/1

Engine side fix still needed.
Comment 4 Itamar Heim 2012-08-02 06:38:50 EDT
*** Bug 834421 has been marked as a duplicate of this bug. ***
Comment 5 Alon Bar-Lev 2012-08-06 16:40:13 EDT
Engine side is available at[1].

[1] http://gerrit.ovirt.org/#/c/6827/
Comment 7 Tomas Dosek 2012-08-24 06:28:55 EDT
Veirified - si15 - standard http port is now redirected automatically to https while connecting to webadmin. When trying to wget webadmin on port 80 result is 302 Moved temporararily and redirection to https

Note You need to log in before you can comment on or make changes to this bug.