
Commit a27ebe2

committed
fix(health): bind health server to localhost only for security
Change the health check server to bind to localhost only (127.0.0.1:8080) instead of all interfaces (:8080). This prevents external access to the sensitive endpoints (/stats, /clients, /banned-ips).
1 parent 9f3cfef commit a27ebe2

1 file changed

+2
-2
lines changed

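--- a/health/server.go
+++ b/health/server.go
@@ -79,8 +79,8 @@ func StartHealthCheck(configMgr *config.ConfigManager) {
 http.HandleFunc("/banned-ips", server.handleBannedIPs)
 http.HandleFunc("/clients", server.handleClients)
 
-log.Println("[Health] Starting health check server on :8080")
-if err := http.ListenAndServe(":8080", nil); err != nil {
+log.Println("[Health] Starting health check server on 127.0.0.1:8080")
+if err := http.ListenAndServe("127.0.0.1:8080", nil); err != nil {
 log.Printf("[Health] Failed to start server: %v", err)
 }
 }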
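Review bot: The new `http.ListenAndServe("127.0.0.1:8080", nil)` still serves `http.DefaultServeMux`, so the loopback bind restricts only this one listener: `/banned-ips` and `/clients` are registered globally through `http.HandleFunc` and would also be served by any other listener in the process that passes a nil handler, and anything else registered on the default mux (for example by a blank import of `net/http/pprof`, if the project has one) is served here too. Registering the handlers on a dedicated mux, `mux := http.NewServeMux()` with `mux.HandleFunc("/clients", server.handleClients)`, and passing it as `http.ListenAndServe("127.0.0.1:8080", mux)` would tie these endpoints to the loopback listener alone. Loopback is also not authentication, since local processes and any same-host reverse proxy can still reach the endpoints, and an external liveness probe will no longer reach the port, so the bind address may be better read from `configMgr` than hard-coded. StartHealthCheck begins above the hunk, so the remaining route registrations are not visible here.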
