[Bug 1379567] Re: maas-proxy is an open proxy with no ACLs; it should add networks automatically

Jay R. Wren jay.wren at canonical.com
Wed Mar 9 19:29:56 UTC 2016


I'm disappointed that maas being an open proxy isn't mentioned anywhere in the documentation, that I could find. It should be mentioned in big bold red letters, maybe blink or marquee. The, "not designed to be run on the internet" is fine, but it should be well documented and so should the reason why. Many corporate networks are just as sensitive to internal security issues as they are to exposing public internet. Having an open proxy in their private network may harm their intranet security design.

We (team yellow) are running maas on an host on the internet. I
customized the squid config that maas-proxy uses to prevent it from
proxying for internet source request. I suspect that the next maas
update will replace those changes, so I also added iptables rules to
block traffic to those ports from the internet.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567

Title:
  maas-proxy is an open proxy with no ACLs; it should add networks
  automatically

To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/1379567/+subscriptions



More information about the Ubuntu-server-bugs mailing list