Jean-Frederic Clere commented on MODCLUSTER-417:
------------------------------------------------
Obfuscating the JVMRoute is probably not enough to hide the topology of the cluster behind
the proxy....
To hide the topology you need to replace the jsessionid.jvmroute by something that looks
random but translates into jsessionid.jvmroute in the mod_cluster logic.
But I don't think that the topology of the cluster is something usable by an attacker,
as the nodes should be behind a firewall and the JVMRoute doesn't need to relate to
the internal node name.
Obfuscating jvmRoute so as to hide topology
-------------------------------------------
Key: MODCLUSTER-417
URL: https://issues.jboss.org/browse/MODCLUSTER-417
Project: mod_cluster
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Native (httpd modules)
Affects Versions: 1.3.0.Final, 1.2.9.Final
Reporter: Radoslav Husar
Assignee: Jean-Frederic Clere
Priority: Minor
Feature request from https://github.com/jmcabrera
Hello guys.
First of all, this is a feature request and not a bug.
I would like to "obfuscate" the jvmRoute so that an external attacker cannot
"guess" the topology of my internal infrastructure.
The "strong" way would be to have a symmetrical cipher with a configurable
key.
mod_cluster could then cipher the jsessionid before exposing it to the external world,
and decipher it to recover the jvmRoute and properly redirect the request.
But I guess that this would have very undesirable consequences on performance.
The "weak" way would be to just obfuscate, i.e. let's say that the jsessionid
is alea + '.' + jvmRoute. We could take a part of the alea to alter the jvmRoute
in a reversible way (XORing, for instance).
Anyhow, the expected effect would be that the jvmRoute would be externally different for
each and every request.
Unfortunately, I have close to no C skills, hence I cannot make this myself.
(as a side note, coming from mod_jk, I'm quite impressed by the features mod_cluster
offers! Thanks for the good work :) )
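The two schemes the request sketches, the "weak" XOR-with-the-alea variant and a keyed variant, side by side in a stand-alone prototype. This is an added example, not mod_cluster code (the real module is C; this is a scheme sketch, not a patch). It assumes the session cookie looks like `<alea>.<jvmRoute>` as the request states, and every function, constant and the sample key and ids below are hypothetical. The keyed variant uses HMAC-SHA256 as a PRF in place of a symmetric block cipher so that it runs with the standard library only; it also appends a short tag so a tampered cookie is rejected rather than routed to a garbage node.

```python
"""Prototype of the jvmRoute-hiding schemes discussed in MODCLUSTER-417.

Added example, not mod_cluster code. Assumes the session id has the form
"<alea>.<jvmRoute>"; all names, keys and sample ids are hypothetical.
"""
import hashlib
import hmac
import secrets
from typing import Optional

_NONCE_LEN = 8  # per-response randomness in the keyed scheme (hypothetical size)
_TAG_LEN = 8    # truncated HMAC tag so a modified cookie is detected


def split_session_id(session_id: str):
    """Split "alea.jvmRoute" on the first '.', rejecting anything else."""
    alea, sep, route = session_id.partition(".")
    if not sep or not alea or not route:
        raise ValueError("session id must look like <alea>.<jvmRoute>")
    return alea, route


def _xor(data: bytes, mask: bytes) -> bytes:
    if len(mask) < len(data):
        raise ValueError("mask shorter than data")
    return bytes(b ^ m for b, m in zip(data, mask))


def _cycle(mask: bytes, length: int) -> bytes:
    """Repeat mask until it covers `length` bytes (used by the weak scheme only)."""
    return (mask * (length // len(mask) + 1))[:length]


def weak_obfuscate(session_id: str) -> str:
    """"Weak" variant from the request: XOR jvmRoute with the alea, hex-encode it."""
    alea, route = split_session_id(session_id)
    masked = _xor(route.encode(), _cycle(alea.encode(), len(route)))
    return f"{alea}.{masked.hex()}"


def weak_recover(external_id: str) -> Optional[str]:
    """Invert weak_obfuscate. Needs no key: anyone holding the cookie can do this."""
    try:
        alea, blob = split_session_id(external_id)
        masked = bytes.fromhex(blob)  # odd length / non-hex raises ValueError
        return _xor(masked, _cycle(alea.encode(), len(masked))).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def _keystream(key: bytes, alea: str, nonce: bytes, length: int) -> bytes:
    """Derive `length` mask bytes as HMAC-SHA256(key, alea || nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = alea.encode() + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def strong_obfuscate(session_id: str, key: bytes, nonce: Optional[bytes] = None) -> str:
    """Keyed variant: mask jvmRoute with a PRF keystream bound to the alea and a fresh
    nonce, then append a tag over (alea, nonce, masked). A fresh nonce per response makes
    the external value differ on every request, as the request asks."""
    alea, route = split_session_id(session_id)
    nonce = secrets.token_bytes(_NONCE_LEN) if nonce is None else nonce
    if len(nonce) != _NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % _NONCE_LEN)
    masked = _xor(route.encode(), _keystream(key, alea, nonce, len(route)))
    tag = hmac.new(key, alea.encode() + nonce + masked, hashlib.sha256).digest()[:_TAG_LEN]
    return f"{alea}.{(nonce + masked + tag).hex()}"


def strong_recover(external_id: str, key: bytes) -> Optional[str]:
    """Return the jvmRoute, or None if the id is malformed or the tag does not verify."""
    try:
        alea, blob_hex = split_session_id(external_id)
        blob = bytes.fromhex(blob_hex)
    except ValueError:
        return None
    if len(blob) <= _NONCE_LEN + _TAG_LEN:
        return None
    nonce, masked, tag = blob[:_NONCE_LEN], blob[_NONCE_LEN:-_TAG_LEN], blob[-_TAG_LEN:]
    expect = hmac.new(key, alea.encode() + nonce + masked, hashlib.sha256).digest()[:_TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None  # tampered, or produced under another key
    return _xor(masked, _keystream(key, alea, nonce, len(masked))).decode("ascii")


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # would be the configurable proxy-side key
    internal = "3F2A9C.node1"      # constructed sample: alea "3F2A9C", jvmRoute "node1"
    w = weak_obfuscate(internal)
    print("weak  :", w, "-> recovered without any key:", weak_recover(w))
    s1, s2 = strong_obfuscate(internal, key), strong_obfuscate(internal, key)
    print("strong:", s1, "\nstrong:", s2, "(differs per response)")
    print("strong recovered:", strong_recover(s1, key),
          "| wrong key:", strong_recover(s1, secrets.token_bytes(32)))
```

The weak variant shows why the requester's own label is the right one: the alea that serves as the XOR mask travels in the same cookie as the masked route, so `weak_recover` needs nothing an outside observer does not already have. The keyed variant costs one HMAC per request in each direction, which is negligible next to proxying the request itself, and the tag check means a client who edits the masked part gets a rejected cookie instead of a routing decision based on attacker-chosen bytes.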