Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer private networking for HTTP by default, avoiding public IP bind #7077

Closed
wants to merge 1 commit into from
Closed

Prefer private networking for HTTP by default, avoiding public IP bind #7077

wants to merge 1 commit into from

Conversation

jprante
Copy link
Contributor

@jprante jprante commented Jul 29, 2014

This change breaks with current behavior of ES HTTP server socket binding.

The new default should be to bind HTTP only to private internet addresses
(localhost, link-local, private network RFC 1918) and to avoid
automatic public IP binds.

This change can no longer use the null host name for socket binding as
default. Instead, it looks up the host name by a reverse IP check and uses
localhost if this fails. For success, DNS must be working and configured correctly.
The IP of the host name is used for binding and for the check if the IP is
public. If the IP is public, an exception is thrown, and the HTTP socket is not
available.

A new parameter http.public_access must be enabled explicitly to allow
binding the HTTP port against a public IP. The default is false.

@jprante
Prefer private networking for HTTP by default, avoiding public IP bind
4239235 
This change breaks with current behavior of ES HTTP server socket binding.

The new default should be to bind HTTP only to private internet addresses
(localhost, link-local, private network RFC 1918) and to avoid
automatic public IP binds.

This change can no longer use the `null` host name for socket binding as
default. Instead, it looks up the host name by a reverse IP check and uses
`localhost` if this fails. For success, DNS must be working and configured correctly.
The IP of the host name is used for binding and for the check if the IP is
public. If the IP is public, an exception is thrown, and the HTTP socket is not
available.

A new parameter `http.public_access` must be enabled explicitly to allow
binding the HTTP port against a public IP. The default is `false`.
@dakrone dakrone mentioned this pull request Jun 4, 2015
Merged
@kevinkluge kevinkluge removed the discuss label Jun 4, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jprante @clintongormley @kevinkluge