Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18385

Block loopback/localhost URLs on remote repositories

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.8.0
    • Component/s: None
    • Labels:
      None

      Description

      Artifactory can access loopback/localhost on remote repositories, bypassing the network restrictions

      We need to add verification on remote repo url to deny internal access, while allowing to whitelist specific prefixes configurable by sys admins.

      artifactory.remote.repo.url.whitelist.prefix=[null] separated by ','

      also add an ability to block any site local URLs (10/8|172.16/12|192.168/16 prefix), default not blocked.
      artifactoryl.remote.repo.url.strict.policy=true(default: false)
      strict policy also means that any unresolvable URL will also be blocked

        Attachments

          Activity

            People

            • Assignee:
              nadavy Nadav Yogev
              Reporter:
              nadavy Nadav Yogev
              Assigned QA:
              Alex Dvorkin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: