[ZOOKEEPER-2699] Restrict 4lw commands based on client IP - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: security, server
Labels:
None

Description

Currently 4lw commands are executed without authentication and can be accessed from any IP which has access to ZooKeeper server. ~~ZOOKEEPER-2693~~ attempts to limit the 4lw commands which are enabled by default or enabled by configuration.

In addition to ~~ZOOKEEPER-2693~~ we should also restrict 4lw commands based on client IP as well. It is required for following scenario

User wants to enable all the 4lw commands
User wants to limit the access of the commands which are considered to be safe by default.

Implementation:
we can introduce new property 4lw.commands.host.whitelist

By default we allow all the hosts, but off course only on the 4lw exposed commands as per the ~~ZOOKEEPER-2693~~
It can be configured to allow individual IPs(192.168.1.2,192.168.1.3 etc.)
It can also be configured to allow group of IPs like 192.168.1.*

Attachments

Activity

People

Assignee:: Mohammad Arshad

Reporter:: Mohammad Arshad

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Feb/17 07:54

Updated:: 28/Apr/17 10:49

Resolved:: 22/Feb/17 15:11