Actions
Bug #5651
closedThe 'trusted_hosts' config key has an unintuitive (and potentially dangerous) behavior
Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Description
According to the Foreman documentation:
[trusted_hosts] is the list of hosts from which the smart proxy will accept connections. If this list is empty then every verified SSL connection is allowed to access the API.
There are two issues:
- This behavior is unintuitive. An empty list of trusted hosts should imply that no hosts are trusted, not that all hosts are trusted. An implication of the current behavior is that I would need to enter in a bogus trusted host in order to disable all remote access.
- The proxy (at least in Foreman 1.4.2) accepts ALL connections when trusted_hosts is empty, not just verified connections. In a test deployment, we were able to access the API via curl without providing any credentials or certificates/keys when trusted_hosts was empty.
Actions