Skip to content

Commit

Permalink
admin: add security warning (#534)
Browse files Browse the repository at this point in the history
Fixes envoyproxy/envoy#2769
References envoyproxy/envoy#2763

Signed-off-by: Matt Klein <[email protected]>
  • Loading branch information
mattklein123 authored and htuch committed Mar 13, 2018
1 parent 5192a08 commit a6378e5
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions docs/root/operations/admin.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,27 @@ modify different aspects of the server:
* :ref:`v1 API reference <config_admin_v1>`
* :ref:`v2 API reference <envoy_api_msg_config.bootstrap.v2.Admin>`

.. attention::

The administration interface in its current form both allows destructive operations to be
performed (e.g., shutting down the server) as well as potentially exposes private information
(e.g., stats, cluster names, cert info, etc.). It is **critical** that access to the
administration interface is only allowed via a secure network. It is also **critical** that hosts
that access the administration interface are **only** attached to the secure network (i.e., to
avoid CSRF attacks). This involves setting up an appropriate firewall or optimally only allowing
access to the administration listener via localhost. This can be accomplished with a v2
configuration like the following:

.. code-block:: yaml
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 127.0.0.1, port_value: 9901 }
In the future additional security options will be added to the administration interface. This
work is tracked in `this <https://github.com/envoyproxy/envoy/issues/2763>`_ issue.

.. http:get:: /
Render an HTML home page with a table of links to all available options.
Expand Down

0 comments on commit a6378e5

Please sign in to comment.