[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FYI: about the latest monit-general mail rush

From: Jan-Henrik Haukeland
Subject: Re: FYI: about the latest monit-general mail rush
Date: Thu, 10 Jul 2003 22:56:51 +0200
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Civil Service, linux)

Martin Pala <address@hidden> writes:

> Btw. i saw one interesting hint - one of users requested possibility
> to set monit httpd access for specific network, instead of
> explicitly name all hosts (which is his case).
> I think it could be good to implement it - i though about CIDR
> notation, so if you want for example set class B network, you will
> write 'allow', etc. It allows to set subnets (like for
> example top quarter of C: 'allow')
> What do you think?

Sure it's a good idea and it could save a lot of typing in monitrc.
But since monit support Basic Authentication over SSL it's not
pressing to add this functionality IMHO; If a user wants several
machines to have access to the monit daemon he could skip the Access
Control List (via allow) and only use Basic Auth and turn SSL on. This
should be even more safe than to depend on ACL alone since IP-address
spoofing is part of any crackers toolbox these days (or should be :)

But by all means, it's a fine idea and if you have time to implement
it, it's very cool. For my own part I think I have to stick with the
language stuff you recently proposed :) and work on that when I have
time. (Unfortunately time is a problem for me now in July).

Jan-Henrik Haukeland

reply via email to

[Prev in Thread] Current Thread [Next in Thread]