Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prefer private networking for HTTP by default, avoiding public IP bind #7077

Closed
wants to merge 1 commit into from

Conversation

@jprante
Copy link
Contributor

commented Jul 29, 2014

This change breaks with current behavior of ES HTTP server socket binding.

The new default should be to bind HTTP only to private internet addresses
(localhost, link-local, private network RFC 1918) and to avoid
automatic public IP binds.

This change can no longer use the null host name for socket binding as
default. Instead, it looks up the host name by a reverse IP check and uses
localhost if this fails. For success, DNS must be working and configured correctly.
The IP of the host name is used for binding and for the check if the IP is
public. If the IP is public, an exception is thrown, and the HTTP socket is not
available.

A new parameter http.public_access must be enabled explicitly to allow
binding the HTTP port against a public IP. The default is false.

This change breaks with current behavior of ES HTTP server socket binding.

The new default should be to bind HTTP only to private internet addresses
(localhost, link-local, private network RFC 1918) and to avoid
automatic public IP binds.

This change can no longer use the `null` host name for socket binding as
default. Instead, it looks up the host name by a reverse IP check and uses
`localhost` if this fails. For success, DNS must be working and configured correctly.
The IP of the host name is used for binding and for the check if the IP is
public. If the IP is public, an exception is thrown, and the HTTP socket is not
available.

A new parameter `http.public_access` must be enabled explicitly to allow
binding the HTTP port against a public IP. The default is `false`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.