Ticket #463 (closed Feature Request: fixed)

Opened 7 months ago

Last modified 2 months ago

Secure the status page

Reported by: wichert@wiggy.net Assigned to:
Priority: low Milestone: Not yet assigned to a Milestone
Component: Gateway Keywords:
Cc:

Description

The gateway status page is readable for everyone at the moment. This has several downsides for me:

  • it includes all information needed to disconnect a user using the manual disconnect feature I'm implementing. That makes it a security problem.
  • I use wifidog in a highly commercial environment and do not want everyone to be able to see how many people are connecting and which IPs/MACs they have. That has both security issues (MAC addresses reveal a lot about the type of machine someone uses for example) and bussiness reasons (the usage figures are confidential).

I have implemented this in the form of three patches:

  1. restore the authentication functionality which was removed from LibHTTPD in r252
  2. add authentication configuration logic to the gateway
  3. protect the status page

Attachments

0001-Restore-auth-support-in-libhttpd-which-was-removed-r.patch (2.1 kB) - added by wichert@wiggy.net on 04/28/08 06:47:24.
0002-Add-authentication-related-settings-to-the-configura.patch (3.6 kB) - added by wichert@wiggy.net on 04/28/08 06:47:38.
0003-Protect-the-status-page-with-authentication.patch (1.1 kB) - added by wichert@wiggy.net on 04/28/08 06:47:55.

Change History

04/28/08 06:47:24 changed by wichert@wiggy.net

  • attachment 0001-Restore-auth-support-in-libhttpd-which-was-removed-r.patch added.

04/28/08 06:47:38 changed by wichert@wiggy.net

  • attachment 0002-Add-authentication-related-settings-to-the-configura.patch added.

04/28/08 06:47:55 changed by wichert@wiggy.net

  • attachment 0003-Protect-the-status-page-with-authentication.patch added.

09/30/08 05:33:48 changed by wichert

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in r1368, r1369 and r1370

Add/Change #463 (Secure the status page)




Action