Hi all,
On Saturday 26 June 2010 15:39:58, Willy Tarreau wrote:
> Hi Judd,
>
> On Thu, Jun 24, 2010 at 05:51:55PM -0400, Judd Montgomery wrote:
> > I've been working on a patch to add buttons to the stats web page, one
> > per server entry. These buttons will enable/disable servers.
> >
> > If/when I finish this patch would it be accepted, or a welcome
> > addition? If so I'll finish it, if not I may or may not.
I know some users who would appreciate this feature ;)
> This feature is appealing, however for security concerns, I've always
> wanted to stick to a "read-only" access to the web interface. It's
> too easy to get caught with an accessible interface on the net with
> people who are able to change parameters. And I've observed such
> unexpected accesses several times now.
Oh yes, I can't count the number of servers where I've seen public access to the mod_proxy_balancer and mod_jk pages.
> But on the other hand, I know that several people are interested with
> such a feature. So I think that the better solution is to start the
> debate here. One idea could be that authentication with crypted
> passwords is absolutely mandatory to enable such features. Maybe
> other persons will have other ideas.
Some configurations may want to have no authentication and set restriction for some other rules. Maybe a keyword with a mandatory condition can answer to all needs.
Example :
stats admin if <cond>
In this case, I don't think "unless" is a good idea, but I may be wrong.
This will let people choose the restriction by themselves :
- only allow a subnet
- only enable administration functions to userlists/groups
- make administration totally public, assuming they know what they do and what they want, by declaring a condition that clearly says that.
- ...
This is just an idea ;)
-- 
Cyril Bonté

Received on 2010/06/26 22:29
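The first two restriction styles listed in the message above, combined in one stats section. This is an added example, not part of the original post or the project's own configuration. It uses the `stats admin if <cond>` form proposed in the message; the userlist name, user and group names, addresses and the password hash are constructed placeholders.

```haproxy
# Constructed example: every name, address and hash below is a placeholder.
userlist stats_users
    group admins users ops
    # Hashed password, in line with the "crypted passwords" concern in the thread.
    user ops password <crypt-hash-placeholder>

listen stats
    bind 192.0.2.10:8404
    mode http
    stats enable
    stats uri /stats

    # Viewing the page requires a valid login; it stays read-only by default.
    acl AUTH http_auth(stats_users)
    stats http-request auth realm stats unless AUTH

    # Administration is enabled only when both conditions hold:
    # the request comes from the management subnet AND the
    # authenticated user belongs to the "admins" group.
    acl from_mgmt src 10.0.0.0/24
    acl is_admin  http_auth_group(stats_users) admins
    stats admin if from_mgmt is_admin

    # Subnet-only variant (no group requirement):
    #   stats admin if from_mgmt
```

Without any `stats admin` line the page keeps the read-only behaviour discussed in the thread, so administration has to be switched on by an explicit condition.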