[Bug 1379567] Re: maas-proxy is an open proxy with no ACLs; it should add networks automatically
Jay R. Wren
jay.wren at canonical.com
Wed Mar 9 19:29:56 UTC 2016
I'm disappointed that maas being an open proxy isn't mentioned anywhere in the documentation, that I could find. It should be mentioned in big bold red letters, maybe blink or marquee. The, "not designed to be run on the internet" is fine, but it should be well documented and so should the reason why. Many corporate networks are just as sensitive to internal security issues as they are to exposing public internet. Having an open proxy in their private network may harm their intranet security design.
We (team yellow) are running maas on an host on the internet. I
customized the squid config that maas-proxy uses to prevent it from
proxying for internet source request. I suspect that the next maas
update will replace those changes, so I also added iptables rules to
block traffic to those ports from the internet.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is an open proxy with no ACLs; it should add networks
automatically
To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/1379567/+subscriptions
More information about the Ubuntu-server-bugs
mailing list