Good find! I am going to be changing my own configuration immediately! :-)
On 2010-07-24, at 12:00, Matto Marjanovic <[email protected]> wrote: > On 07/23/10 22:24, Matto Marjanovic wrote: >> On 07/23/10 19:55, Jeremy Kiffiak wrote: >>> Hey Matto, >>> >>> I am fairly new to SOGo myself but will give this my best shot! :-) >>> >>> I am unaware of a WOIPaddress option (or something similar) but there is >>> "WOHtppAllowHost" which by default is set to "localhost" (I have >>> explicitly set this in my ".GNUstepDefaults" just to be sure). >> >> Thanks for the suggestion. >> >> However, that parameter does not appear to have any effect on my system. >> I tried setting it alternately to "localhost" and "127.0.0.1" (from being >> unset/unspecified before). In both cases, after a restart the sogod process >> was still listening on 0.0.0.0 (i.e., all interfaces), and would still >> happily >> try to service requests from a remote laptop (i.e. pointed at the URL >> "http://my.server.com:20000/";). > > Ah-ha... I think the answer must have shown up on this list at some point, > because my memory jogged and I remembered what to do. The trick is to > supply the listening address to the WOPort parameter: > > WOPort = "localhost:20000"; > > This does in fact cause sogod to only listen on the 127.0.0.1 interface > (at port 20000). > > The configuration guide mentions WOPort, but neglects to mention this feature. > > ... >> SOGo itself cannot be accessed directly *usefully* --- yet it still exposes >> its half-baked HTTP implementation to the outside world. The default setup >> should not allow this at all. > > (I do think the configuration guide should also suggest setting this parameter > for the typical setup.) > > -m > >> >> -m >> >>> >>> Anyways, hopefully I didn't lead you down the wrong path... :-D >>> >>> Jeremy >>> >>> >>> >>> On 24-Jul-10, at 8:03 AM, Matto Marjanovic wrote: >>> >>>> Hi, >>>> >>>> Is there a config option to specify which net interfaces sogod binds to? >>>> This would be the analog to WOPort, for IP address instead of port >>>> number. >>>> >>>> The use case I have is to tell sogod to listen on localhost only. >>>> In a simple setup with apache and sogod on the same host, there is >>>> typically no good reason for sogod to accept connections from anywhere >>>> else. >>>> >>>> -m >>>> -- >>>> [email protected] >>>> https://inverse.ca/sogo/lists >>> >> > > -- > [email protected] > https://inverse.ca/sogo/lists
-- [email protected] https://inverse.ca/sogo/lists
