Web-Apps Proxy via direct access to IP ignores security

Posted: Fri Oct 08, 2010 8:09 am
by davidjmurray
Accessing my Amahi server externally via *.yourhda.com prompts correctly for a username and password.

When I access the Amahi server via the known IP number, the username/password prompt does not appear, and the Amahi dashboard is displayed.

Info: I have a port mapping of 8181 to 80 within the router/gateway and this is used for access, i.e. *.yourhda.com:8181

Cheers,

djm

Re: Web-Apps Proxy via direct access to IP ignores security

Posted: Fri Oct 08, 2010 8:19 am
by davidjmurray
As a temporary fix to this security hole, I have added a line to the /etc/httpd/conf.d/1009-apps-proxy.conf file, at the top:

ServerAlias 68.100.194.98

and reloaded the httpd service:

service httpd reload

Is there a more generic ServerAlias entry to catch port numbers, so this security hole can be plugged?

Cheers,

djm

Re: Web-Apps Proxy via direct access to IP ignores security

Posted: Mon Oct 11, 2010 3:49 am
by cpg
This is a good tip!

There is no real generic way to do that at the moment.

This would be a good candidate to put in a bug in the tracker to track.

http://bugs.amahi.org
1) Log in using the same username you use on http://www.amahi.org
2) Choose the project (platform, ...) -
3) Choose "New Issue"
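
An added example, not part of the thread and not Amahi's code: a small Python model of Apache name-based virtual host selection, showing why a request addressed to the bare IP lands on the unprotected default vhost and what the ServerAlias workaround covers. The vhost layout and the names hda and example.yourhda.com are assumptions; the IP is the one quoted in the thread.

```python
from fnmatch import fnmatchcase

# Constructed model of the setup in the thread. The vhost names, "hda" and
# "example.yourhda.com" are assumptions, not Amahi's real configuration.
VHOSTS = [
    # The first vhost on an address:port is the default for unmatched names.
    {"name": "dashboard", "server_name": "hda", "aliases": [], "auth": False},
    {"name": "apps-proxy", "server_name": "example.yourhda.com",
     "aliases": ["*.yourhda.com"], "auth": True},
]


def host_only(host_header):
    """Lower-case the Host value and drop its port, as name matching does."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:8181
        return host[1:host.index("]")]
    return host.rsplit(":", 1)[0] if ":" in host else host


def select_vhost(vhosts, host_header):
    """Return the vhost that serves a request carrying this Host header."""
    host = host_only(host_header)
    for vh in vhosts:
        if host == vh["server_name"].lower():
            return vh
        # ServerAlias entries may use the * and ? wildcards.
        if any(fnmatchcase(host, alias.lower()) for alias in vh["aliases"]):
            return vh
    return vhosts[0]  # nothing matched: the default vhost answers


def unauthenticated_hosts(vhosts, host_headers):
    """Host values that land on a vhost with no password prompt."""
    return [h for h in host_headers if not select_vhost(vhosts, h)["auth"]]


def with_alias(vhosts, vhost_name, alias):
    """Copy of the configuration with one more ServerAlias on one vhost."""
    return [dict(vh, aliases=vh["aliases"] + [alias])
            if vh["name"] == vhost_name else vh for vh in vhosts]


if __name__ == "__main__":
    probes = ["example.yourhda.com:8181", "68.100.194.98:8181",
              "68.100.194.98", "other.example.net:8181"]
    print("before:", unauthenticated_hosts(VHOSTS, probes))
    patched = with_alias(VHOSTS, "apps-proxy", "68.100.194.98")
    print("after: ", unauthenticated_hosts(patched, probes))
```

The alias is compared with the host name only, so one entry covers every port, while any Host value that is still unlisted continues to reach the default vhost.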