[jboss-jira] [JBoss JIRA] (AS7-3042) IPv6: Invalid redirect to Admin console (wrong IP address)

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Wed Apr 11 05:22:47 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12682947#comment-12682947 ] 

Darran Lofthouse commented on AS7-3042:
---------------------------------------

Is it really the correct URL that should be shared publicly?  How do you know that the user that has connected through a firewall or reverse proxy can or even should be connecting to that address?

Whilst in your scenario that redirect would work there are plenty that will not and should not work.
                
> IPv6: Invalid redirect to Admin console (wrong IP address)
> ----------------------------------------------------------
>
>                 Key: AS7-3042
>                 URL: https://issues.jboss.org/browse/AS7-3042
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Console, Web
>    Affects Versions: 7.1.0.Beta1b
>            Reporter: Pavel Janousek
>            Assignee: Darran Lofthouse
>             Fix For: Open To Community
>
>
> This issue is some derivation from AS7-3040. Lets imagine starting server like this:
> {code}./standalone.sh -Djava.net.preferIPv4Stack=false -Djboss.bind.address=::1{code}
> So by default the admin/management is bound to _::ffff:127.0.0.1:9990_ and _::ffff:127.0.0.1:9999_, but it isn't accessible from Web WelcomePage at _::1:8080_ because the URL is specified as: {code}<a href="/console">{code} and so the next request is http://[::1]:8080/console which redirect requester to http://[::1]:9990, but there isn't any console because it is here - http://[::ffff:127.0.0.1]:9990.
> This is not good as it could lead to integration issues between components (X trying to connect to Y on ::1; Y listening on ::ffff:127.0.0.1).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list