search

HCL-TECH-SOFTWARE / connections-automation

Deployment and upgrade automation scripts for HCL Connections 7.0 based on Ansible
Apache License 2.0
17 stars 32 forks source link

Enforce basic authentication for haproxy stat page #329

Open marde16 opened 9 months ago

marde16 commented 9 months ago

Please add stats auth {{__haproxy_username}}:{{__haproxy_password}} in the section "frontend http_stats" (and the necessary vars in the var file), because everyone who know and has access to the HAProxy stat page can put servers into maintenance mode or drain traffic from them wihtout authentication.

https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/9eb050fdad217266a0fed3e2e35ebaf9f0b20d62/roles/third_party/haproxy-install/templates/haproxy.cfg.j2#L28-L31

more information Exploring the HAProxy Stats Page (What You Should Know)

pln-git4011 commented 9 months ago

Hi Martin, thank you for the feedback. An internal ticket has been created and will be review by the squad