Details

    • Type: Feature Request
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0 DXP FP84, 7.1.10 DXP FP12, 7.2.0 GA1, 7.2.10 DXP GA1
    • Fix Version/s: None
    • Labels: None

      Description

      Currently, if one uses multiple virtual instances, one recommendation for hardening a system is to use the first instance exclusively for system administration. The rationale is that this instance has the additional permission to administer the VM, e.g. additional Control Panel content, and OmniAdmins. Every additional instance can't see this content.

      On top of that, the first instance is the default one, which will get any traffic for unknown hostnames.

      Combined with reserving the instance only for administrative purposes, and it by design being the catch-all-traffic instance, the administrative instance may be opened to the public if there's any misconfiguration upstream - which might only be IP-based access to the server without a DNS hostname.

      It'd be a security feature to make this foolproof by (willfully) allowing one to designate any customer-chosen instance as the one to get all default traffic. Admins can still continue to access the first instance with the (hopefully well-known) hostname.
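
The routing behaviour described above, as an added Python model that is not Liferay code and not part of the original ticket: unknown Host values fall through to a default instance, and an audit lists which probe hosts reach the administrative instance that way. The class names, hostnames, the `default_index` setting and the probe list are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Instance:
    name: str
    hostnames: frozenset
    administrative: bool = False   # carries the system-wide administration content

def host_only(host_header):
    """Lower-case the Host header value and drop a trailing :port, if any."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        return host[1:host.index("]")]
    return host.split(":", 1)[0]

@dataclass
class Portal:
    instances: list
    default_index: int = 0         # behaviour described above: first instance is the catch-all

    def resolve(self, host_header):
        """Return (instance, matched); matched is False when the catch-all was used."""
        host = host_only(host_header)
        for inst in self.instances:
            if host in inst.hostnames:
                return inst, True
        return self.instances[self.default_index], False

    def exposed_admin_hosts(self, probes):
        """Probe hosts that reach an administrative instance only via the catch-all."""
        hits = []
        for h in probes:
            inst, matched = self.resolve(h)
            if inst.administrative and not matched:
                hits.append(h)
        return hits

def build(default_index=0):
    # Constructed sample layout: instance 0 is reserved for administration.
    return Portal([
        Instance("admin", frozenset({"admin.example.internal"}), administrative=True),
        Instance("customer", frozenset({"www.example.com"})),
    ], default_index)

# Constructed Host header values, including a bare IP and an unknown name.
PROBES = ["www.example.com", "admin.example.internal:8443", "203.0.113.10", "unknown.example.net"]

if __name__ == "__main__":
    print("first instance as default:", build(0).exposed_admin_hosts(PROBES))
    print("customer instance as default:", build(1).exposed_admin_hosts(PROBES))
```

With the customer instance designated as the default, the administrative instance is reached only through its own hostname.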

              People

              • Assignee: support-lep@liferay.com (SE Support)
              • Reporter: olaf.kock (Olaf Kock)