openstack/kolla-ansible
Code Issues Proposed changes
a1eec2498a
kolla-ansible/releasenotes/notes/http-services-deny-server-status-39d0259664053e59.yaml
Maksim Malchuk e365f4b70d Deny access to public /server-status in http Openstack services 
This change block access to the public /server-status url on all
http services exposed by HAProxy, also fixes an issue with Horizon
where 'Require all granted' open access to the /server-status in
the HAProxy-less configurations. Without this change the issue
affects only Ubuntu/Debian installations where mod_status in Apache2
enabled by default.

Closes-Bug: #1996913
Change-Id: I3ec1af6353c3ecc64589599abe375b0ae9b14d5c
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2023-08-10 10:28:10 +00:00

8 lines
313 B
YAML
Raw Blame History

---
security:
- |
Restrict the access to the http Openstack services exposed /server-status
by default through the HAProxy on the public endpoint. Fixes issue for
Ubuntu/Debian installations. RockyLinux/CentOS not affected.
`LP#1996913 <https://bugs.launchpad.net/kolla-ansible/+bug/1996913>`__
View Git Blame Copy Permalink