Commit a9d4da7

Update docs around security implication for exposing set middleware API
1 parent 584490e commit a9d4da7

1 file changed

+29
-2
lines changed

docs/pages/keyconcepts/middleware.rst

Lines changed: 29 additions & 2 deletions
@@ -25,13 +25,13 @@ You can write middleware in any language. There are two different types of middl
2525

2626
Local Middleware
2727
----------------
28-
Hoverfly has the ability to invoke middleware by executing a script or binary file on a host operating system.
28+
Hoverfly has the ability to invoke middleware by executing a script or binary file on a host operating system.
2929
The only requires are that the provided middleware can be executed and sends the Middleware JSON schema to stdout
3030
when the Middleware JSON schema is received on stdin.
3131

3232
HTTP Middleware
3333
---------------
34-
Hoverfly can also send middleware requests to a HTTP server instead of running a process locally. The benefits of this
34+
Hoverfly can also send middleware requests to a HTTP server instead of running a process locally. The benefits of this
3535
are that Hoverfly does not initiate the process, giving more control to the user. The only requirements are that Hoverfly can
3636
POST the Middleware JSON schema to middleware URL provided and the middleware HTTP server responses with a 200 and the
3737
Middleware JSON schema is in the response.
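
Review bot: The context lines around the two touched lines (28 and 34) still carry wording errors that are worth fixing in the same commit. Line 29, "The only requires are", should read "The only requirements are"; lines 36-37, "POST the Middleware JSON schema to middleware URL provided and the middleware HTTP server responses with a 200", should read "to the middleware URL provided" and "responds with a 200". The removed and added versions of lines 28 and 34 read identically in this view, so the change appears to be whitespace only. Since the commit is about the security implications of middleware, the Local Middleware paragraph, which states that Hoverfly executes a script or binary on the host, is also a natural place for a cross-reference to the new security section.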
@@ -50,3 +50,30 @@ Hoverfly will send the JSON object to middleware via the standard input stream.
5050
.. seealso::
5151

5252
Middleware examples are covered in the tutorials section. See :ref:`randomlatency` and :ref:`modifyingresponses`.
53+
54+
55+
Security and availability of the Set Middleware API
56+
---------------------------------------------------
57+
58+
By default, the admin endpoint to set middleware (PUT /api/v2/hoverfly/middleware) is disabled. To enable it:
59+
60+
- When starting Hoverfly directly: run with the flag: -enable-middleware-api
61+
- When starting via hoverctl: use the same flag on start: hoverctl start --enable-middleware-api
62+
63+
Network binding and remote access
64+
---------------------------------
65+
66+
By default, Hoverfly binds its Admin and Proxy ports to the loopback interface only (127.0.0.1). This means the Admin API is not reachable from remote hosts out of the box.
67+
68+
.. warning::
69+
70+
Exposing the Admin API outside localhost increases risk, especially if the Set Middleware API is enabled, because it allows executing arbitrary scripts/binaries on the host (for local middleware) or invoking remote middleware services.
71+
72+
If you expose the Admin API and enable the Set Middleware API, you should:
73+
74+
- Run Hoverfly only on trusted/private networks.
75+
- Restrict access to the Admin API to trusted callers and networks (e.g., via firewalls, security groups, VPNs, reverse proxy ACLs).
76+
- Prefer binding to localhost unless there is a strong need to expose it, and scope exposure to the minimum required interfaces.
77+
- Enable authentication if appropriate and avoid exposing the Admin port publicly.
78+
79+
The guidance above applies whether you configure middleware as a local executable/script or as HTTP middleware.
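
Review bot: The last bullet at line 77, "Enable authentication if appropriate and avoid exposing the Admin port publicly", is too soft for an endpoint that the warning at line 70 describes as allowing arbitrary scripts/binaries to be executed on the host, and it does not say how authentication is enabled. Suggest wording it as a requirement whenever the Admin API is reachable beyond loopback and linking to the authentication documentation with a :ref:. At line 61, "use the same flag" follows a single-dash -enable-middleware-api at line 60 while the hoverctl example uses two dashes, so state the difference in spelling explicitly. The endpoint at line 58 and the flags at lines 60-61 would read better as inline literals. The paragraph at line 66 states the loopback default without naming the option that changes the binding, which readers need in order to act on the third bullet. "Network binding and remote access" at line 63 uses the same underline as the heading at line 55, so it renders as a sibling section; if it is meant to sit under the Set Middleware API section, give it a lower-level underline.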
