Ticket #463 (closed Feature Request: fixed)
Secure the status page
| Reported by: | wichert@… | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | Not yet assigned to a Milestone |
| Component: | Gateway | Version: | |
| Keywords: | Cc: |
Description
The gateway status page is readable for everyone at the moment. This has several downsides for me:
- it includes all information needed to disconnect a user using the manual disconnect feature I'm implementing. That makes it a security problem.
- I use wifidog in a highly commercial environment and do not want everyone to be able to see how many people are connecting and which IPs/MACs they have. That has both security issues (MAC addresses reveal a lot about the type of machine someone uses for example) and bussiness reasons (the usage figures are confidential).
I have implemented this in the form of three patches:
- restore the authentication functionality which was removed from LibHTTPD in r252
- add authentication configuration logic to the gateway
- protect the status page
Attachments
-
0001-Restore-auth-support-in-libhttpd-which-was-removed-r.patch
(2.1 KB) - added by wichert@…
13 years ago.
-
0002-Add-authentication-related-settings-to-the-configura.patch
(3.6 KB) - added by wichert@…
13 years ago.
-
0003-Protect-the-status-page-with-authentication.patch
(1.1 KB) - added by wichert@…
13 years ago.
Change History
Note: See
TracTickets for help on using
tickets.
