Uploaded image for project: 'JBoss Core Services'
  1. JBoss Core Services
  2. JBCS-1831

Change directory permissions to a location in default mod_proxy_cluster.conf

XMLWordPrintable

    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • Documentation (Ref Guide, User Guide, etc.)
    • Sprint 24, Sprint 26, Sprint 27
    • Critical

      Our default mod_proxy_cluster.conf has a restriction for the ips allowed to connect in a directory block:

        Listen 6666
  <VirtualHost *:6666>
    DirectoryIndex disabled
    <Directory />
      Require ip 127.0.0.1
    </Directory>
    ServerAdvertise on
    EnableMCPMReceive
    <Location /mod_cluster_manager>
      SetHandler mod_cluster-manager
      Require ip 127.0.0.1
   </Location>
  </VirtualHost>

      That certainly used to work. But it seems now with latest httpd/mod_cluster, this no longer restricting the connections allowed to this VirtualHost. So any unwanted client could connect and send bad MCMP . This is properly restricted changing the Directory to a Location:

        Listen 6666
  <VirtualHost *:6666>
    DirectoryIndex disabled
    <Location />
      Require ip 127.0.0.1
    </Location>

      So can we change our default config accordingly?

      Similarly, need to fix doc suggestions, so raised JBCS-1832 for that.

        1. patch.JBCS-1831
          0.5 kB

              vchlup@redhat.com Vladimir Chlup
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: