commit 893b806279fa01ee0515e0aa5ab9329dd1d11f30
Author: Maksim Malchuk <email address hidden>
Date: Tue Aug 8 11:35:55 2023 +0300
Deny access to public /server-status in http Openstack services
This change block access to the public /server-status url on all
http services exposed by HAProxy, also fixes an issue with Horizon
where 'Require all granted' open access to the /server-status in
the HAProxy-less configurations. Without this change the issue
affects only Ubuntu/Debian installations where mod_status in Apache2
enabled by default.
Closes-Bug: #1996913
Change-Id: I3ec1af6353c3ecc64589599abe375b0ae9b14d5c
Signed-off-by: Maksim Malchuk <email address hidden>
(cherry picked from commit e365f4b70dc9d4871c8dfbab3c0f1fee50d6fee9)
Reviewed: https:/ /review. opendev. org/c/openstack /kolla- ansible/ +/890859 /opendev. org/openstack/ kolla-ansible/ commit/ 893b806279fa01e e0515e0aa5ab932 9dd1d11f30
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/yoga
commit 893b806279fa01e e0515e0aa5ab932 9dd1d11f30
Author: Maksim Malchuk <email address hidden>
Date: Tue Aug 8 11:35:55 2023 +0300
Deny access to public /server-status in http Openstack services
This change block access to the public /server-status url on all
http services exposed by HAProxy, also fixes an issue with Horizon
where 'Require all granted' open access to the /server-status in
the HAProxy-less configurations. Without this change the issue
affects only Ubuntu/Debian installations where mod_status in Apache2
enabled by default.
Closes-Bug: #1996913 c64589599abe375 b0ae9b14d5c 71c8dfbab3c0f1f ee50d6fee9)
Change-Id: I3ec1af6353c3ec
Signed-off-by: Maksim Malchuk <email address hidden>
(cherry picked from commit e365f4b70dc9d48