From a6378e5f707f41ef51c9be2bb9462224087ed65b Mon Sep 17 00:00:00 2001 From: Matt Klein Date: Tue, 13 Mar 2018 16:15:12 -0700 Subject: [PATCH] admin: add security warning (#534) Fixes envoyproxy/envoy#2769 References envoyproxy/envoy#2763 Signed-off-by: Matt Klein --- docs/root/operations/admin.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/root/operations/admin.rst b/docs/root/operations/admin.rst index 71ab5345a..025da175d 100644 --- a/docs/root/operations/admin.rst +++ b/docs/root/operations/admin.rst @@ -9,6 +9,27 @@ modify different aspects of the server: * :ref:`v1 API reference ` * :ref:`v2 API reference ` +.. attention:: + + The administration interface in its current form both allows destructive operations to be + performed (e.g., shutting down the server) as well as potentially exposes private information + (e.g., stats, cluster names, cert info, etc.). It is **critical** that access to the + administration interface is only allowed via a secure network. It is also **critical** that hosts + that access the administration interface are **only** attached to the secure network (i.e., to + avoid CSRF attacks). This involves setting up an appropriate firewall or optimally only allowing + access to the administration listener via localhost. This can be accomplished with a v2 + configuration like the following: + + .. code-block:: yaml + + admin: + access_log_path: /tmp/admin_access.log + address: + socket_address: { address: 127.0.0.1, port_value: 9901 } + + In the future additional security options will be added to the administration interface. This + work is tracked in `this `_ issue. + .. http:get:: / Render an HTML home page with a table of links to all available options.
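Review bot: In the attention block, the sentence "This involves setting up an appropriate firewall or optimally only allowing access to the administration listener via localhost" directly follows the CSRF parenthetical, so "This" reads as if a firewall or a 127.0.0.1 bind also takes care of CSRF. Those controls limit who can reach the listener over the network; a browser running on a host that can reach the listener (the local host included) can still be made to send requests to it. Suggest splitting the paragraph into two points, one on restricting network access and one on CSRF, and replacing "i.e., to avoid CSRF attacks" with "in order to avoid CSRF attacks", since the clause gives a reason rather than a restatement. In the sample config, `access_log_path: /tmp/admin_access.log` places the log in a world-writable directory, which is an odd thing to model inside a security warning; a dedicated log directory, or a short comment that the path is illustrative, would read better. Minor wording: "both allows destructive operations ... as well as potentially exposes" should be "both allows ... and potentially exposes".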