Remove "stats enable" from defaults hash #590

Open
SpoonOne opened this issue Oct 24, 2023 · 0 comments

@SpoonOne

Use Case

By setting stats enable in the defaults you enable access to the stats page in every HTTP frontend by using /haproxy?stats in the URL. This is not ideal for public-facing haproxies as it exposes information that most users would not want available anonymously.

Describe the Solution You Would Like

Please consider removing this setting from the defaults hash and requiring that module users explicitly set it themselves. I understand this is potentially a breaking change for users relying on this setting but I feel the improved security posture is worth it.

Describe Alternatives You've Considered

Enabling default auth as an alternative would have the same potential of breaking existing setups as well as the default credentials already being known by malicious actors.

Additional Context

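One way to check a rendered haproxy.cfg for the exposure this issue describes, as an added example that is not part of the issue or the module's own code. It assumes a simplified inheritance model (a frontend or listen section starts from the preceding defaults section); the sample config, section names and the credentials placeholder are constructed.

```python
STATS_ENABLERS = {"enable", "uri", "auth", "realm"}  # each turns stats reporting on
DEFAULT_URI = "/haproxy?stats"                        # URI named in the issue

# Constructed sample of a rendered haproxy.cfg (names and credentials are placeholders).
SAMPLE_CFG = """\
defaults
  mode http
  stats enable
frontend public_web
  bind :80
  default_backend app
listen admin
  bind 127.0.0.1:8404
  stats uri /metrics
  stats auth ops:CHANGE_ME
"""

def audit_stats(cfg_text):
    """Return [(section, stats_uri)] for sections exposing stats with no 'stats auth'.

    Assumption (simplified model): a frontend/listen starts from a copy of the most
    recent 'defaults' section and overrides it with its own directives.
    """
    defaults, proxies, current = {}, [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[0] in ("global", "defaults", "frontend", "backend", "listen"):
            current = None                         # global/backend are not audited
            if words[0] == "defaults":
                current = defaults = {}
            elif words[0] in ("frontend", "listen"):
                current = dict(defaults)
                proxies.append((" ".join(words[:2]), current))
        elif current is not None and len(words) > 1:
            if words[0] == "mode":
                current["mode"] = words[1]
            elif words[0] == "stats" and words[1] in STATS_ENABLERS:
                current["enabled"] = True
                if words[1] == "auth":
                    current["auth"] = True
                elif words[1] == "uri" and len(words) > 2:
                    current["uri"] = words[2]
    return [(name, p.get("uri", DEFAULT_URI)) for name, p in proxies
            if p.get("enabled") and p.get("mode") == "http" and not p.get("auth")]
```

With the sample above, only `frontend public_web` is reported; dropping `stats enable` from the defaults section clears the finding.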