Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature request] Add configuration option to disable the /debug/vars HTTP API endpoint #5305

Closed
rossmcdonald opened this issue Jan 7, 2016 · 4 comments
Closed

[feature request] Add configuration option to disable the /debug/vars HTTP API endpoint #5305

rossmcdonald opened this issue Jan 7, 2016 · 4 comments
Labels
1.x area/configuration kind/feature-request security/misc security

Comments

@rossmcdonald
Copy link
Contributor

Currently the /debug/vars endpoint is not protected by HTTP authentication, which could expose inadvertent debug information to anyone with network access to the InfluxDB instance. Adding the ability to disable this endpoint via configuration would prevent this issue.
@francisdb
Copy link

This is a serious issue:
https://www.shodan.io/search?query=influxdb

Is there a way to set up authentication for this resource?

@rossmcdonald
Copy link
Contributor Author

Currently the only way to restrict access to the /debug/vars resource is by putting InfluxDB behind a proxy and enforcing authentication (or simply disallowing requests to /debug) at the proxy level.

@alekseyp
Copy link

I would love to see authentication here too.

csko added a commit to csko/influxdb that referenced this issue Jul 15, 2017
@csko
add option to hide /debug/ pages
fe755a5 
closes influxdata#5305
@csko csko mentioned this issue Jul 15, 2017
Closed
6 tasks
@dgnorton dgnorton added the 1.x label Jan 7, 2019
@danielnelson danielnelson mentioned this issue Jan 23, 2019
Merged
@russorat
Copy link
Contributor

russorat commented Dec 9, 2019
edited
Loading

this was added via #15222 and will be available in the 1.8 release. You can try it out by building the 1.8 branch.

@russorat russorat closed this as completed Dec 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.x area/configuration kind/feature-request security/misc security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add option to hide /debug/ pages csko/influxdb
6 participants
@francisdb @dgnorton @alekseyp @jdstrand @rossmcdonald @russorat