Billy Tat
1.3 KiB
title
| title |
|---|
| Rancher Security Best Practices |
Restrict Public Access to /version and /rancherversion Path
The upstream (local) Rancher instance provides information about the Rancher version it is running and the Go version that was used to build it. That information is accessible via the /version path, which is used for tasks such as automating version bumps, or confirming that a deployment was successful. The upstream instance also provides Rancher version information accessible via the /rancherversion path.
Adversaries can misuse this information to identify the running Rancher version and cross-relate it with potential bugs to exploit. If your upstream Rancher instance is publicly available on the web, use a Layer 7 firewall to block /version and /rancherversion.
See OWASP Web Application Security Testing - Enumerate Infrastructure and Application Admin Interfaces for more information on protecting your server.