-
Type:
Bug
-
Status: Done
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 6.8.0
-
Component/s: None
-
Labels:None
-
Severity:Medium
-
Requirement Status:
Artifactory can access loopback/localhost on remote repositories, bypassing the network restrictions
We need to add verification on remote repo url to deny internal access, while allowing to whitelist specific prefixes configurable by sys admins.
artifactory.remote.repo.url.whitelist.prefix=[null] separated by ','
also add an ability to block any site local URLs (10/8|172.16/12|192.168/16 prefix), default not blocked.
artifactoryl.remote.repo.url.strict.policy=true(default: false)
strict policy also means that any unresolvable URL will also be blocked