[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FYI: about the latest monit-general mail rush
|
From: |
Jan-Henrik Haukeland |
|
Subject: |
Re: FYI: about the latest monit-general mail rush |
|
Date: |
Thu, 10 Jul 2003 22:56:51 +0200 |
|
User-agent: |
Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Civil Service, linux) |
Martin Pala <address@hidden> writes:
> Btw. i saw one interesting hint - one of users requested possibility
> to set monit httpd access for specific network, instead of
> explicitly name all hosts (which is his case).
>
> I think it could be good to implement it - i though about CIDR
> notation, so if you want for example set class B network, you will
> write 'allow 192.168.0.0/16', etc. It allows to set subnets (like for
> example top quarter of C: 'allow 192.168.1.192/26')
>
> What do you think?
Sure it's a good idea and it could save a lot of typing in monitrc.
But since monit support Basic Authentication over SSL it's not
pressing to add this functionality IMHO; If a user wants several
machines to have access to the monit daemon he could skip the Access
Control List (via allow) and only use Basic Auth and turn SSL on. This
should be even more safe than to depend on ACL alone since IP-address
spoofing is part of any crackers toolbox these days (or should be :)
But by all means, it's a fine idea and if you have time to implement
it, it's very cool. For my own part I think I have to stick with the
language stuff you recently proposed :) and work on that when I have
time. (Unfortunately time is a problem for me now in July).
--
Jan-Henrik Haukeland