View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000955aMulePreferencespublic2006-08-29 10:192017-05-30 08:49
Reporterhramrach 
Assigned ToKry 
PriorityhighSeverityminorReproducibilityalways
StatusassignedResolutionopen 
PlatformOSOS Version
Product Version2.1.3 
Target VersionFixed in Version 
Summary0000955: add option to specify listening address for amuleweb
DescriptionIt is possible to specify an address on which amule(d) listens as ECServer but it is not possible to specify the address on which amuleweb listens.
Additional InformationCould be used to allow the web only on one interface of machines that have several interfaces, or to allow only local connections so that it is possible to connect only from localhost or through ssh tunnels.
Tagsconfigure, connection
Fixed in Revision
Operating SystemAny
Attached Files

- Relationships

-  Notes
(0003534)
bugmi (reporter)
2011-01-29 17:47

Nothing yet? it would be really useful.
(0003702)
uqbar (reporter)
2017-05-30 08:10
edited on: 2017-05-30 08:49

This is actually a major bug to be addressed asap.

It's a real bug as the amule.conf file has an ECAddress setting to limit the "external connections" address, but amuleweb is happily ignoring it and is not able to connect unless it's unset!

And it's a security bug as well. The web UI has no encryption (aka SSL) and opening a web UI over any network without encryption is a security nightmare.

Now, besides adding encryption, there's an easy solution: fix just this bug.

Let amuleweb listen on loopback only at any address from 127.0.0.1 to 127.255.255.254.
Then open an SSH TCP port forward/SOCKSv5 proxy from remote client to the amuleweb host.
This should add very strong encryption to amuleweb with just a tiny fix.

Maybe the offendig code is here:

file:src/sebserver/WebServer.cpp, line 285

        amuleIPV4Address addr;
        addr.AnyAddress();
        addr.Service(webInterface->m_WebserverPort);

it looks like it's setting the listening address to 0.0.0.0 .
What's hard to find to me (so far) is where it's connecting to for amuled.


- Issue History
Date Modified Username Field Change
2006-08-29 10:19 hramrach New Issue
2006-08-29 10:19 hramrach Operating System => Any
2006-08-31 12:36 Kry Status new => assigned
2006-08-31 12:36 Kry Assigned To => Kry
2006-09-26 05:07 Kry Priority normal => high
2006-11-09 22:40 pcmaster Note Added: 0002157
2006-11-09 22:40 pcmaster Note Deleted: 0002157
2011-01-29 17:47 bugmi Note Added: 0003534
2017-05-30 08:10 uqbar Note Added: 0003702
2017-05-30 08:31 uqbar Note Edited: 0003702 View Revisions
2017-05-30 08:35 uqbar Tag Attached: configure
2017-05-30 08:35 uqbar Tag Attached: connection
2017-05-30 08:49 uqbar Note Edited: 0003702 View Revisions


Copyright © 2000 - 2024 MantisBT Team
Powered by Mantis Bugtracker