Making CherryPy listen on localhost ONLY

Thread: Making CherryPy listen on localhost ONLY

Search this list only Search all lists
Making CherryPy listen on localhost ONLY
United States	2007-06-06 09:04:21
Hi, I'm trying to make CherryPy listen only on localhost; I don't want it available on the network. I'm using a reverse proxy in IIS to make it available remotely, and that does access control, so I definitely don't want people to be able to bypass this. Thing is, if I do: server.socket_addr='127.0.0.1' server.socket_port=8082 Then I can still connect over the network: [l389701itsec2 ~]$ telnet itsec4 8082 Trying 10.200.225.4... Connected to itsec4.hxgroup.com (10.200.225.4). This is using CherryPy 2.2 with TurboGears 1.0.2 Any ideas how I can close this? Many thanks, Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at h ttp://groups.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

Re: Making CherryPy listen on localhost ONLY
United Kingdom	2007-06-06 09:07:02
Forgive me for asking but why don't you block through the firewall? - Sylvain Paul Johnston a écrit : > Hi, > > I'm trying to make CherryPy listen only on localhost; I don't want it > available on the network. I'm using a reverse proxy in IIS to make it > available remotely, and that does access control, so I definitely > don't want > people to be able to bypass this. > > Thing is, if I do: > server.socket_addr='127.0.0.1' > server.socket_port=8082 > > Then I can still connect over the network: > [l389701itsec2 ~]$ telnet itsec4 8082 > Trying 10.200.225.4... > Connected to itsec4.hxgroup.com (10.200.225.4). > > This is using CherryPy 2.2 with TurboGears 1.0.2 > > Any ideas how I can close this? Many thanks, > > Paul > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at h ttp://groups.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

Re: Making CherryPy listen on localhost ONLY
United States	2007-06-06 10:22:58
Hi, Fair question. I need to protect against users on the internal network as well. And this system doesn't have a host firewall. Paul On Jun 6, 3:07 pm, Sylvain Hellegouarch <s...defuze.org> wrote: > Forgive me for asking but why don't you block through the firewall? > > - Sylvain > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at h ttp://groups.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

Re: Making CherryPy listen on localhost ONLY
United States	2007-06-06 11:44:14
Paul Johnston wrote: > I'm trying to make CherryPy listen only on localhost; I don't want it > available on the network. I'm using a reverse proxy in IIS to make it > available remotely, and that does access control, so I definitely > don't want > people to be able to bypass this. > > Thing is, if I do: > server.socket_addr='127.0.0.1' > server.socket_port=8082 > > Then I can still connect over the network: > [l389701itsec2 ~]$ telnet itsec4 8082 > Trying 10.200.225.4... > Connected to itsec4.hxgroup.com (10.200.225.4). > > This is using CherryPy 2.2 with TurboGears 1.0.2 Hi Paul, You should be using "socket_host", not "socket_addr". CherryPy's config system sacrifices strictness for power: you don't get a warning when you use an unknown/unused key. Robert Brewer System Architect Amor Ministries fumanchuamor.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cherrypy-users" group. To post to this group, send email to cherrypy-usersgooglegroups.com To unsubscribe from this group, send email to cherrypy-users-unsubscribegooglegroups.com For more options, visit this group at h ttp://groups.google.com/group/cherrypy-users?hl=en -~----------~----~----~----~------~----~------~--~---

[1-4]

about | contact Other archives ( Real Estate discussion Medical topics )