santthosh / aws-es-kibana

AWS ElasticSearch Kibana Proxy
Apache License 2.0
325 stars 133 forks

Some improvements ;) #12

Closed kessiler closed 8 years ago

lephuongbg commented 8 years ago

This pull request has two serious security problems:

  1. default to bind to 0.0.0.0
  2. fool users to believe it is binding to 127.0.0.1 whenever it is binding to 0.0.0.0

I don't recommend to merge this pull request

kessiler commented 8 years ago

@herophuong you can change the bind address to whatever you want. You don't really need to bind it on 0.0.0.0. There isn't anywhere saying it's binding to 0.0.0.0, it's telling that your proxy is available at "localhost/127.0.0.1" which is the loopback adapter. Accessing from 0.0.0.0 won't take you to the es proxy/kibana.

lephuongbg commented 8 years ago

I think you may not have understood what binding to 0.0.0.0 means. Correct me if I'm wrong though.

Binding to 0.0.0.0 doesn't mean requests to 0.0.0.0 will access the aws-es-kibana, it means outsiders who have your public or private IP address can access the aws-es-kibana by using your IP.

This is a local service and thus SHOULD NOT BY DEFAULT expose your AWS to the outside world.

kessiler commented 8 years ago

You're right dude but that's the reason it's configurable. We can change it to 127.0.0.1 if it will make you more comfortable.

lephuongbg commented 8 years ago

That would be great. Otherwise, it was great work that you did.

P/S: Sorry if my language was a bit strong. Those were urgent things security-wise in my opinion so...

kessiler commented 8 years ago

@herophuong all right :)

santthosh commented 8 years ago

Thank you for the improvements @kessiler, the changes have been merged manually and have been published to npm