Web-Apps Proxy via direct access to IP ignores security

davidjmurray
Posts: 4
Joined: Fri Oct 08, 2010 8:01 am

Post by davidjmurray » Fri Oct 08, 2010 8:09 am

Accessing my Amahi server externally via *.yourhda.com prompts correctly for a username and password.

When I access the Amahi server via the known IP number, the username/password security is not prompted, and the Amahi dashboard is displayed.

Info: I have a port mapping of 8181 to 80 within the router/gateway and this is used for access, i.e. *.yourhda.com:8181

Cheers,

djm

davidjmurray
Posts: 4
Joined: Fri Oct 08, 2010 8:01 am

Re: Web-Apps Proxy via direct access to IP ignores security

Post by davidjmurray » Fri Oct 08, 2010 8:19 am

As a temporary fix to this security hole, I have added a line to the /etc/httpd/conf.d/1009-apps-proxy.conf file, at the top:

ServerAlias 68.100.194.98

and reloaded the httpd service:

service httpd reload

Is there a more generic ServerAlias entry to catch port numbers, so this security hole can be plugged?

Cheers,

djm

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: Web-Apps Proxy via direct access to IP ignores security

Post by cpg » Mon Oct 11, 2010 3:49 am

This is a good tip!

There is no real generic way to do that at the moment.

This would be a good candidate to put in a bug in the tracker to track.

http://bugs.amahi.org
1) Login using the same username you use on http://www.amahi.org
2) Choose the project (platform, ...) -
3) Choose "New Issue"
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
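
Added example (not part of the original thread and not Amahi's code): a small Python model of Apache name-based virtual host selection, showing why a request whose Host header is the bare IP lands on the first-defined vhost and skips the password prompt, and what the ServerAlias line from the second post changes. The vhost layout, the names `hda`, `apps-proxy` and `myhda`, and the `auth` flag are assumptions made for illustration; the real Amahi config files may differ.

```python
from fnmatch import fnmatchcase


def host_name(host_header):
    """Lower-case the Host header and drop any :port, as name-based matching does."""
    host = host_header.strip().lower()
    if host.startswith("["):                      # bracketed IPv6 literal
        return host[1:].partition("]")[0]
    return host.rsplit(":", 1)[0] if ":" in host else host


def select_vhost(vhosts, host_header):
    """Return the vhost serving the request: first name match, else the first vhost."""
    name = host_name(host_header)
    for vh in vhosts:
        if name == vh["server_name"].lower():     # ServerName: exact match only
            return vh
        # ServerAlias may contain wildcards such as *.example.com
        if any(fnmatchcase(name, a.lower()) for a in vh["aliases"]):
            return vh
    return vhosts[0]                              # no match: default (first-defined) vhost


def unauthenticated(vhosts, host_headers):
    """List the Host headers that reach a vhost with no password prompt."""
    return [h for h in host_headers if not select_vhost(vhosts, h)["auth"]]


# Constructed layout (assumption): the dashboard vhost is defined first, so it is
# the default; the apps proxy vhost asks for a password and matches *.yourhda.com.
BEFORE = [
    {"server_name": "hda", "aliases": [], "auth": False},
    {"server_name": "apps-proxy", "aliases": ["*.yourhda.com"], "auth": True},
]
# Same layout with the ServerAlias line from the post added to the proxy vhost.
AFTER = [
    BEFORE[0],
    {**BEFORE[1], "aliases": ["*.yourhda.com", "68.100.194.98"]},
]
# Constructed probes: hostname access, IP access via the 8181 mapping, bare IP.
PROBES = ["myhda.yourhda.com:8181", "68.100.194.98:8181", "68.100.194.98"]

if __name__ == "__main__":
    print("before:", unauthenticated(BEFORE, PROBES))
    print("after: ", unauthenticated(AFTER, PROBES))
    print("other: ", unauthenticated(AFTER, ["other.example:8181"]))
```

In this model the alias closes only the one address: any other Host value that matches no vhost still falls through to the default, so the first-defined vhost is the one to review.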
