We were conducting penetration testing on our machines, when the tester noticed that the listeners of the proxy chain from Apify are not bound to localhost by default; take a look at this:
https://github.com/apify/proxy-chain/blob/daecafb1802caef070e54a662e090d18cf2f336a/src/server.ts#L565
We are considering having a patch that introduces the following change:
this.server.listen(this.port); -> this.server.listen(this.port, 'localhost');
But I wanted to ask you first:
Why does it default to not binding the listener to localhost?
Are you aware of any consequences if we bind it to localhost to increase security? Will that affect the job of the proxy?
Thanks,
We got this report from a customer:
Perhaps we should force localhost e.g. for usage from within anonymizeProxy()
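Added example, not part of the original thread or of proxy-chain's code: a small Node.js check that shows where a listener actually ends up bound with `listen(port)` versus `listen(port, host)`, by reading back `server.address()`. The helper names `classifyBind` and `bindAndReport` are hypothetical, and port 0 (OS-assigned) stands in for `this.port`.

```javascript
// Added example, not proxy-chain code. classifyBind and bindAndReport are
// hypothetical helper names.

// Classify the address that server.address() reports after listen().
function classifyBind(address) {
  if (address === '0.0.0.0' || address === '::') return 'all-interfaces';
  if (address === '::1' || /^(::ffff:)?127\./i.test(address)) return 'loopback';
  return 'specific-interface';
}

// Bind a throwaway TCP server the way each variant in the post does, read
// back the bound address, then close it. Port 0 (OS-assigned) is an
// assumption for the demo; the code in the post passes this.port.
async function bindAndReport(host) {
  const net = await import('node:net');
  const server = net.createServer();
  await new Promise((resolve, reject) => {
    server.once('error', reject);
    if (host === undefined) server.listen(0, resolve);   // listen(port)
    else server.listen(0, host, resolve);                // listen(port, host)
  });
  const { address, family } = server.address();
  await new Promise((resolve) => server.close(resolve));
  return { host: host ?? '(none)', address, family, scope: classifyBind(address) };
}

async function main() {
  // No host, the proposed 'localhost', and a literal loopback address.
  for (const host of [undefined, 'localhost', '127.0.0.1']) {
    console.log(await bindAndReport(host));
  }
}

main().catch((err) => console.error('bind failed:', err.message));
```

Depending on the resolver, `localhost` can bind to `::1` rather than `127.0.0.1`, in which case a client that connects to `127.0.0.1` is refused; the literal address makes the result predictable.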