Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding warnings and solution about the configuration exposure #3790

Merged
merged 3 commits into from
Aug 20, 2018
Merged

Adding warnings and solution about the configuration exposure #3790

merged 3 commits into from
Aug 20, 2018

Conversation

dduportal
Copy link
Contributor

@dduportal dduportal commented Aug 20, 2018
edited by ldez
Loading

What does this PR do?

This Pull Request introduces a few warnings and references in the documentation about the impact of enabling the API/Dashboard.

Motivation

Related to #3665, #3651, #3669

More

  • Added/updated documentation

@traefiker traefiker added this to the 1.6 milestone Aug 20, 2018
ldez
ldez approved these changes Aug 20, 2018
View reviewed changes
Copy link
Contributor

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nmengin
nmengin reviewed Aug 20, 2018
View reviewed changes
Copy link
Contributor

@nmengin nmengin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 📖

@dduportal
Docs: adding a few mentions about the exposure risk of enabling the api
113250c 
Signed-off-by: Damien DUPORTAL <damien.duportal@gmail.com>
@dduportal
Docs: API - adding a link to the configuration for basic auth
66ee035 
Signed-off-by: Damien DUPORTAL <damien.duportal@gmail.com>
juliens
juliens requested changes Aug 20, 2018
View reviewed changes
Copy link
Member

@juliens juliens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏

docs/configuration/api.md
@@ -38,6 +41,16 @@ For more customization, see [entry points](/configuration/entrypoints/) document

![Web UI Health](/img/traefik-health.png)

## Security

Copy link
Member

@juliens juliens Aug 20, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe a sentence about "don't expose the api port publicly"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done, thanks for the idea and feedback!

@dduportal
Docs: API - a note about 2 layer protection with http auth and tcp po…
368bd17 
…rt restriction

Signed-off-by: Damien DUPORTAL <damien.duportal@gmail.com>
juliens
juliens approved these changes Aug 20, 2018
View reviewed changes
Copy link
Member

@juliens juliens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@traefiker traefiker merged commit f062ee8 into traefik:v1.6 Aug 20, 2018
@ldez ldez changed the title Docs: Adding warnings and solution about the configuration exposure Adding warnings and solution about the configuration exposure Aug 20, 2018
@dduportal dduportal deleted the docs-api-warning-sec branch August 20, 2018 10:07
@VojtechVitek
Copy link

Backlink: https://nvd.nist.gov/vuln/detail/CVE-2018-15598

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliens juliens juliens approved these changes

@ldez ldez ldez approved these changes

@nmengin nmengin nmengin approved these changes

@emilevauge emilevauge Awaiting requested review from emilevauge

Assignees
No one assigned
Labels
area/documentation kind/enhancement a new or improved feature. size/S
Projects
None yet
Milestone
1.6
Development

Successfully merging this pull request may close these issues.
6 participants
@dduportal @VojtechVitek @juliens @ldez @nmengin @traefiker