Hello,
We are going through a security hardening process in order to go to production. We were controlled by an external securty contractor and one of the things they noticed is the following part of our mod_cluster configuration in httpd.conf
<VirtualHost OURHOSTNAME:6666> <Directory /> Order deny,allow Deny from all Allow from XXX.YYY.ZZZ.KKK Allow from LLL.MMM.NNN.OOO </Directory> KeepAliveTimeout 60 MaxKeepAliveRequests 0 ... </VirtualHost>
The complaint is that we are allowing access to the root directory / from the cluster members without further contraints.
For example for our normal host (port 80) the configuration is
<Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory>
This is basically deny from all. In fact if we go on through the rest of our security settings for apache they are pretty restricive.
I understand that the risk that somebody will try to bring the apache down from within the cluster members is low.
The question is. Can we configure the virtual host to be more restrictive? Does mod_cluster really need to have root dirctory access on apache? And if so, why is that? My understanding was that we start the virtual host so that the JBoss AS mod_cluster.sar can send usage statistics/ status updates to mod_cluster so that the load balancing can be more efficient. Why does this need root directory access?
Thanks in advance,
Nikos
<VirtualHost kleopatra:6666> <Directory /> Order deny,allow Deny from all Allow from 10.200.251 </Directory> KeepAliveTimeout 60 MaxKeepAliveRequests 0 ... </VirtualHost> |
See http://docs.jboss.org/mod_cluster/1.0.0/html_single/#proxy use proxyURL then deny access to Location / and allow to Location the proxyURL value.