Skip to content

Commit

Permalink
[docs][chore] warning for using localhost in security-best-practices (#…
Browse files Browse the repository at this point in the history
…9444)

**Description:** <Describe what has changed.>
warning and alert for using localhost which might go under DNS
resolution and end up with an unexpected IP, risking security.

**Link to tracking Issue:** #9338 

**Documentation:** Added Waring and risk alert in
https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md

---------

Co-authored-by: Pablo Baeyens <pbaeyens31+github@gmail.com>
  • Loading branch information
Sanket-0510 and mx-psi authored Mar 6, 2024
1 parent fc08135 commit 2832cd5
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion docs/security-best-practices.md
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,9 @@ For more information, see [CWE-1327](https://cwe.mitre.org/data/definitions/1327

To change the default endpoint to be `localhost`-bound in all components, enable the `component.UseLocalHostAsDefaultHost` feature gate. This feature gate will be enabled by default in the Collector in a future release.


If `localhost` resolves to a different IP due to your DNS settings then explicitly use the loopback IP instead: `127.0.0.1` for IPv4 or `::1` for IPv6. In IPv6 setups, ensure your system supports both IPv4 and IPv6 loopback addresses to avoid issues.

## Processors

Processors sit between receivers and exporters. They are responsible for
Expand Down Expand Up @@ -218,4 +221,4 @@ Extensions may also be used to run subprocesses. This can be useful when
collection mechanisms that cannot natively be run by the Collector (e.g.
FluentBit). Subprocesses expose a completely separate attack vector that would
depend on the subprocess itself. In general, care should be taken before
running any subprocesses alongside the Collector.
running any subprocesses alongside the Collector.

0 comments on commit 2832cd5

Please sign in to comment.