bug: APISIX Admin API security risks #1455

Closed
Miss-you opened this issue Apr 15, 2020 · 8 comments
Labels
help wanted Extra attention is needed

Comments

@Miss-you
Member

Hi, the security department of Tencent recently discovered that Kong's Admin component has security risks. For details, please refer to this link: https://mp.weixin.qq.com/s/Ttpe63H9lQe87Uk0VOyMFw
I read the preliminary article and think that our APISIX Admin API has the same risks.

  1. The old version of the APISIX Admin API does not use any authentication; it is recommended to upgrade to the new version.
  2. In the new version of APISIX, many users will use the default key, so the protection is virtually useless. It is recommended that the best-practice document guide users to replace the key. If possible, APISIX nodes that provide services to the outside should turn off the Admin API, and only APISIX nodes that allow internal access should provide the Admin API.
  3. The Admin API should use HTTPS by default, because HTTPS can effectively prevent key leakage caused by request hijacking.
@moonming
Member

welcome PR to fix 3

@moonming moonming added the help wanted Extra attention is needed label Apr 15, 2020
@membphis
Member

note: This PR has fixed the second point here.

#1458

@membphis
Member

The Admin API uses https access capability by default, because https can effectively prevent key leakage caused by request hijacking.

Is it enough to enable self-signed certificate?

@moonming
Member

moonming commented Apr 16, 2020 via email

@Miss-you
Member Author

The Admin API uses https access capability by default, because https can effectively prevent key leakage caused by request hijacking.

Is it enough to enable self-signed certificate?

Yes, that's enough

@Miss-you
Member Author

The Admin API uses https access capability by default, because https can effectively prevent key leakage caused by request hijacking.

Is it enough to enable self-signed certificate?

How to enable the self-signed certificate function here?
I will add it to the documentation.

@Miss-you
Member Author

Hi, after a previous high-availability solution design, I found it more reasonable to recommend that users use the Admin API and Dashboard as APISIX routing services.

First, Kubernetes is a case in point: if the dashboard is to be accessed, you need to configure an Ingress (corresponding to an APISIX route).
Second, the default security limit of the Admin API can no longer be just 127.0.0.1, but can also be a common intranet address, such as 10.0.0.0/8, etc.
Third, the 127.0.0.1 security limit of the Admin API is not simple enough. Many people found that the Admin API was not available after upgrading APISIX to 1.2, because the default configuration is only accessible through 127.0.0.1.
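A configuration audit covering the three points of the opening post (default key, source-IP restriction, HTTPS) together with the intranet-range suggestion in the comment above, as an added example that is not part of this issue or of APISIX's own code. It assumes config.yaml has already been loaded into a dict (as PyYAML would produce) with the `apisix.admin_key` and `apisix.allow_admin` keys; the `https_admin` flag and the treatment of an empty `allow_admin` list as "any source IP" are assumptions taken from later APISIX versions, and `PLACEHOLDER_DEFAULT_ADMIN_KEY` is a constructed marker standing in for the shipped default, not the real value.

```python
"""Audit the `apisix:` section of an APISIX config.yaml for the Admin API
risks discussed in this issue. Constructed example; not APISIX's own code."""
import ipaddress

# Constructed placeholder for the key that ships in config-default.yaml.
# The real default is not quoted in this issue, so a marker is used instead.
KNOWN_DEFAULT_KEYS = {"PLACEHOLDER_DEFAULT_ADMIN_KEY"}
MIN_KEY_LENGTH = 32  # assumption: floor for a long-lived bearer secret

# Loopback plus the RFC 1918 ranges mentioned in the thread (10.0.0.0/8 etc.).
ACCEPTABLE_ADMIN_RANGES = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
]


def check_admin_keys(admin_keys):
    """Points 1 and 2: every admin_key entry must be a non-default, long secret."""
    findings = []
    if not admin_keys:
        findings.append("admin_key: no keys configured, Admin API is unauthenticated")
        return findings
    for entry in admin_keys:
        name = entry.get("name", "<unnamed>")
        key = entry.get("key", "")
        if key in KNOWN_DEFAULT_KEYS:
            findings.append(f"admin_key[{name}]: uses the shipped default key")
        elif len(key) < MIN_KEY_LENGTH:
            findings.append(f"admin_key[{name}]: key shorter than {MIN_KEY_LENGTH} chars")
    return findings


def check_allow_admin(allow_admin):
    """Point 2 and the intranet comment: allow_admin must be a non-empty list of
    CIDRs inside loopback or RFC 1918 space. Assumption: an empty list means
    any source IP may reach the Admin API."""
    findings = []
    if not allow_admin:
        findings.append("allow_admin: empty, Admin API reachable from any source IP")
        return findings
    for cidr in allow_admin:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"allow_admin: {cidr!r} is not a valid CIDR")
            continue
        ok = any(net.version == rng.version and net.subnet_of(rng)
                 for rng in ACCEPTABLE_ADMIN_RANGES)
        if not ok:
            findings.append(f"allow_admin: {cidr} is not a loopback or RFC 1918 range")
    return findings


def check_https(apisix_cfg):
    """Point 3: the admin key is a bearer secret, so it must only travel over TLS.
    `https_admin` is assumed from later APISIX versions, not from this issue."""
    if apisix_cfg.get("https_admin"):
        return []
    return ["https_admin: false, admin key travels in clear text over HTTP"]


def audit(config):
    """Run all three checks; an empty list means no findings."""
    apisix_cfg = config.get("apisix", {})
    return (check_admin_keys(apisix_cfg.get("admin_key"))
            + check_allow_admin(apisix_cfg.get("allow_admin"))
            + check_https(apisix_cfg))


# Constructed sample configs shaped like the `apisix:` section of config.yaml.
WEAK_CONFIG = {
    "apisix": {
        "allow_admin": ["0.0.0.0/0"],
        "admin_key": [{"name": "admin", "key": "PLACEHOLDER_DEFAULT_ADMIN_KEY", "role": "admin"}],
        "https_admin": False,
    }
}
HARDENED_CONFIG = {
    "apisix": {
        "allow_admin": ["127.0.0.0/24", "10.0.0.0/8"],
        "admin_key": [{"name": "admin", "key": "4f1b0c6e9a2d4e7f8b3c5d6e7f8a9b0c", "role": "admin"}],
        "https_admin": True,
    }
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["ok"])
```

Run it against a real file by replacing the constructed dicts with `yaml.safe_load(open("conf/config.yaml"))`; the checks are deliberately independent so a deployment that keeps the Admin API on a separate, internal-only node can drop the `allow_admin` check without losing the key and TLS ones.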

@membphis
Member

membphis commented Aug 9, 2020

fixed already.

@membphis membphis closed this as completed Aug 9, 2020