Context Navigation

Ticket #463 (closed Feature Request: fixed)

Opened 4 years ago

Last modified 3 years ago

Reported by:	wichert@…	Owned by:
Priority:	low	Milestone:	Not yet assigned to a Milestone
Component:	Gateway	Version:
Keywords:		Cc:

The gateway status page is readable for everyone at the moment. This has several downsides for me:

it includes all information needed to disconnect a user using the manual disconnect feature I'm implementing. That makes it a security problem.

I use wifidog in a highly commercial environment and do not want everyone to be able to see how many people are connecting and which IPs/MACs they have. That has both security issues (MAC addresses reveal a lot about the type of machine someone uses for example) and bussiness reasons (the usage figures are confidential).

I have implemented this in the form of three patches:

restore the authentication functionality which was removed from LibHTTPD in r252
add authentication configuration logic to the gateway
protect the status page

0001-Restore-auth-support-in-libhttpd-which-was-removed-r.patch (2.1 KB) - added by wichert@… 4 years ago.
0002-Add-authentication-related-settings-to-the-configura.patch (3.6 KB) - added by wichert@… 4 years ago.
0003-Protect-the-status-page-with-authentication.patch (1.1 KB) - added by wichert@… 4 years ago.

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Comment (you may use WikiFormatting here):

Action

leave as closed

reopen The resolution will be deleted. Next status will be 'reopened'

Note: See TracTickets for help on using tickets.