  1. Red Hat Fuse
  2. ENTESB-6855

Insight clients currently require access (unauthenticated) to multiple backend nodes

    • Type: Feature
    • Resolution: Done
    • Priority: Major

      In Hawtio, if you access the Insight Logs console, multiple requests are made to the insight-console container and also backend nodes with insight profiles deployed.

      This presents a problem where only the container with the insight-console is accessible to the end user. Moreover, if all insight containers are made available to the end user, the insight ports are not protected:

      ~~~
      curl 'http://172.17.0.4:9200/_nodes' \
        -H 'Origin: http://172.17.0.2:8181' \
        -H 'Accept-Encoding: gzip, deflate, sdch' \
        -H 'Accept-Language: en-US,en;q=0.8' \
        -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36' \
        -H 'Accept: application/json, text/plain, */*' \
        -H 'Referer: http://172.17.0.2:8181/hawtio/insight/dashboard?kbnId=app%2Finsight%2Fdashboards%2Flogs&p=insight&tab=insight-logs' \
        -H 'Connection: keep-alive' \
        --compressed
      ~~~

              atarocch@redhat.com Andrea Tarocchi
              rhn-support-shiggs Stephen Higgs