[DISCUSS] Disable hawtio proxy servlet

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[DISCUSS] Disable hawtio proxy servlet

brusdev
Hawtio is an awesome management tool for Java and JVM applications built on
top of JMX. It comes with a proxy servlet so you can connect to all remote
nodes in the whitelist (the whitelist is configured via the
hawtio.proxyWhitelist system property).

Currently, Artemis uses hawtio 1.5.12 and by default, hatwio versions >=
1.5.0 have a whitelist which only allow connections to 127.0.0.1.

I don't think Artemis needs the hawtio proxy servlet and leaving it enabled
could cause issues.

What are your thoughts?

Domenico




--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-Dev-f2368404.html
Reply | Threaded
Open this post in threaded view
|

Re: [DISCUSS] Disable hawtio proxy servlet

jbertram
What specific issues do you think the default whitelist could cause? Is it
just a matter of inconvenience for users?

Also, do we know specifically why the whitelist defaults to 127.0.0.1? I
assume it's for security, but I'm not 100% certain of that.


Justin

On Tue, Feb 18, 2020 at 2:33 AM brusdev <[hidden email]> wrote:

> Hawtio is an awesome management tool for Java and JVM applications built on
> top of JMX. It comes with a proxy servlet so you can connect to all remote
> nodes in the whitelist (the whitelist is configured via the
> hawtio.proxyWhitelist system property).
>
> Currently, Artemis uses hawtio 1.5.12 and by default, hatwio versions >=
> 1.5.0 have a whitelist which only allow connections to 127.0.0.1.
>
> I don't think Artemis needs the hawtio proxy servlet and leaving it enabled
> could cause issues.
>
> What are your thoughts?
>
> Domenico
>
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-Dev-f2368404.html
>
>
Reply | Threaded
Open this post in threaded view
|

Re: [DISCUSS] Disable hawtio proxy servlet

jbertram
My apologies. I misunderstood your message. I thought you were asking about
disabling the *whitelist* itself rather than the proxy. Therefore, please
disregard my previous email.

As for disabling the proxy...I have no issue with that. I've never used it,
and I don't see a compelling use-case for it.


Justin

On Tue, Feb 18, 2020 at 8:14 AM Justin Bertram <[hidden email]> wrote:

> What specific issues do you think the default whitelist could cause? Is it
> just a matter of inconvenience for users?
>
> Also, do we know specifically why the whitelist defaults to 127.0.0.1? I
> assume it's for security, but I'm not 100% certain of that.
>
>
> Justin
>
> On Tue, Feb 18, 2020 at 2:33 AM brusdev <[hidden email]> wrote:
>
>> Hawtio is an awesome management tool for Java and JVM applications built
>> on
>> top of JMX. It comes with a proxy servlet so you can connect to all remote
>> nodes in the whitelist (the whitelist is configured via the
>> hawtio.proxyWhitelist system property).
>>
>> Currently, Artemis uses hawtio 1.5.12 and by default, hatwio versions >=
>> 1.5.0 have a whitelist which only allow connections to 127.0.0.1.
>>
>> I don't think Artemis needs the hawtio proxy servlet and leaving it
>> enabled
>> could cause issues.
>>
>> What are your thoughts?
>>
>> Domenico
>>
>>
>>
>>
>> --
>> Sent from:
>> http://activemq.2283324.n4.nabble.com/ActiveMQ-Dev-f2368404.html
>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: [DISCUSS] Disable hawtio proxy servlet

brusdev
Since nobody is against, I'm going to disable hawtio proxy servlet.
In the current version of hawtio doesn't exist a property to disable the
proxy servlet, so I would substitute web.xml[1] to remove the proxy servlet.

What are your thoughts?

Domenico

[1]
https://github.com/hawtio/hawtio/blob/1.x/hawtio-web/src/main/webapp/WEB-INF/web.xml



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-Dev-f2368404.html
Reply | Threaded
Open this post in threaded view
|

Re: [DISCUSS] Disable hawtio proxy servlet

clebertsuconic
I think you have consensus.. if there was anyone against it.. you
would have gotten some -1 here.


I don't really understand the reasoning as you do, so I trust you on
this one.. go for it.

On Wed, Mar 18, 2020 at 1:15 PM brusdev <[hidden email]> wrote:

>
> Since nobody is against, I'm going to disable hawtio proxy servlet.
> In the current version of hawtio doesn't exist a property to disable the
> proxy servlet, so I would substitute web.xml[1] to remove the proxy servlet.
>
> What are your thoughts?
>
> Domenico
>
> [1]
> https://github.com/hawtio/hawtio/blob/1.x/hawtio-web/src/main/webapp/WEB-INF/web.xml
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-Dev-f2368404.html



--
Clebert Suconic