My two cents for what it's worth...
This would be a terrific feature and the one I miss the most from commercial load balancers. Makes taking real servers in and out of battery to test an issue simple.
My recommendation would be to make the stats interface read-only by default, and allow read-write only if a "password" option is passed to the admin interface config line.
-J
On Sat, Jun 26, 2010 at 7:39 AM, Willy Tarreau <w#1wt.eu> wrote:
> Hi Judd,
>
> On Thu, Jun 24, 2010 at 05:51:55PM -0400, Judd Montgomery wrote:
>> I've been working on a patch to add buttons to the stats web page, one
>> per server entry. These buttons will enable/disable servers.
>>
>> If/when I finish this patch would it be accepted, or a welcome
>> addition? If so I'll finish it, if not I may or may not.
>
> This feature is appealing, however for security concerns, I've always
> wanted to stick to a "read-only" access to the web interface. It's
> too easy to get caught with an accessible interface on the net with
> people who are able to change parameters. And I've observed such
> unexpected accesses several times now.
>
> But on the other hand, I know that several people are interested with
> such a feature. So I think that the better solution is to start the
> debate here. One idea could be that authentication with crypted
> passwords is absolutely mandatory to enable such features. Maybe
> other persons will have other ideas.
>
> Best regards,
> Willy
>
>
>
Received on 2010/06/30 18:50
This archive was generated by hypermail 2.2.0 : 2010/06/30 19:00 CEST