yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1710917] Re: ability to disable apache mod_status

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Edward Hope-Morley <edward.hope-morley@xxxxxxxxxxxxx>
Date: Mon, 18 Sep 2017 08:24:25 -0000
Reply-to: Bug 1710917 <1710917@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Patch: https://review.openstack.org/#/c/501829/

** Also affects: horizon
   Importance: Undecided
       Status: New

** No longer affects: horizon

** Also affects: charm-openstack-dashboard
   Importance: Undecided
       Status: New

** Changed in: charm-openstack-dashboard
       Status: New => Fix Committed

** Changed in: charm-openstack-dashboard
     Assignee: (unassigned) => Shane Peters (shaner)

** Changed in: charm-openstack-dashboard
    Milestone: None => 17.11

** Changed in: charm-openstack-dashboard
   Importance: Undecided => Medium

** No longer affects: openstack-dashboard (Ubuntu)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1710917

Title:
  ability to disable apache mod_status

Status in OpenStack openstack-dashboard charm:
  Fix Committed

Bug description:
  The openstack-dashboard /server-status page is accessible by default.
  While useful for some, the existence of the this page may be
  considered a vulnerability.

  The workaround for this would be to execute 'a2dismod status &&
  service restart apache2' on the openstack-dashboard unit.

  Suggest making this a charm option, enabled by default.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1710917/+subscriptions