  1. Artifactory Binary Repository
  2. RTFACT-18385

Block loopback/localhost URLs on remote repositories

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.8.0
    • Component/s: None
    • Labels: None
    • Severity: Medium
    • Requirement Status: UNCOVERED

      Description

      Artifactory can access loopback/localhost addresses through remote repository URLs, bypassing the network restrictions.

      We need to add verification of the remote repo URL to deny internal access, while allowing sys admins to whitelist specific prefixes through configuration:

      artifactory.remote.repo.url.whitelist.prefix=[null] separated by ','

      Also add the ability to block any site-local URLs (10/8|172.16/12|192.168/16 prefix); by default these are not blocked:
      artifactory.remote.repo.url.strict.policy=true (default: false)
      Strict policy also means that any unresolvable URL will be blocked.
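
The check this ticket describes, as an added Python example (not Artifactory's own code): `check_remote_url`, its parameters and the `SAMPLE_DNS` table are names assumed here, with `whitelist` and `strict` standing in for the two properties above. Treating `0.0.0.0`/`::` and IPv4-mapped IPv6 addresses like loopback goes beyond what the ticket lists and is an assumption of the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# The three site-local prefixes named in the ticket.
SITE_LOCAL = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolver(host):
    """Every address the name resolves to; raises OSError if it does not resolve."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def addresses(host, resolve):
    """Use an IP literal as-is, otherwise ask the resolver."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a.split("%")[0]) for a in resolve(host)]

def check_remote_url(url, whitelist=(), strict=False, resolve=system_resolver):
    """Return (allowed, reason) for a remote repository URL."""
    # Whitelisted prefixes win; end each with '/' so a look-alike host cannot match.
    if any(p and url.startswith(p) for p in whitelist):
        return True, "whitelisted"
    host = urlsplit(url).hostname
    if not host:
        return False, "no host"
    try:
        addrs = addresses(host, resolve)
    except (OSError, ValueError):
        # Strict policy also blocks anything that cannot be resolved.
        return (False, "unresolvable") if strict else (True, "unresolved")
    for addr in addrs:
        # Unwrap ::ffff:a.b.c.d so an IPv4-mapped address is judged as IPv4.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        # Assumption of this example: 0.0.0.0 and :: count as loopback too.
        if addr.is_loopback or addr.is_unspecified:
            return False, "loopback"
        if strict and any(addr in net for net in SITE_LOCAL):
            return False, "site-local"
    return True, "ok"

# Constructed name table standing in for DNS so the example runs offline.
SAMPLE_DNS = {"localhost": {"127.0.0.1"}, "mapped.example.test": {"::ffff:127.0.0.1"},
              "nexus.corp.example.test": {"10.1.2.3"}, "repo.example.test": {"203.0.113.10"}}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]
```

The verdict only holds if the later connection goes to the addresses checked here; a name that is resolved again at fetch time can point somewhere else.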


            People

            Assignee:
            nadavy Nadav Yogev
            Reporter:
            nadavy Nadav Yogev
