rec: warn on passwordless webserver startup and extends docs

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

diff --git a/pdns/recursordist/docs/http-api/index.rst b/pdns/recursordist/docs/http-api/index.rst
index 46521d1081e0d61609359c2c285c11260414d6c4..ef94563ce78a12eccd560bcbe0c65ea2bad7fb61 100644 (file)
--- a/pdns/recursordist/docs/http-api/index.rst
+++ b/pdns/recursordist/docs/http-api/index.rst
@@ -32,6 +32,10 @@ The following webserver related configuration items are available:
 * :ref:`setting-yaml-webservice.port`: Port to bind the webserver to.
 * :ref:`setting-yaml-webservice.allow_from`: Netmasks that are allowed to connect to the webserver
 
+.. warning::
+
+   Not setting a password will allow password-less access to the frontpage showing statistics, the :doc:`endpoint-jsonstat`, the :doc:`../common/api/endpoint-statistics` and the ``localhost`` specific endpoint of the :doc:`../common/api/endpoint-servers`.
+
 Enabling the API
 ----------------
 

diff --git a/pdns/recursordist/ws-recursor.cc b/pdns/recursordist/ws-recursor.cc
index 24705ad56ee5b84e0a13a78408083a4052292c5d..074e5256cbd57557297d72f01aa2b9b419833a6c 100644 (file)
--- a/pdns/recursordist/ws-recursor.cc
+++ b/pdns/recursordist/ws-recursor.cc
@@ -1009,6 +1009,9 @@ void serveRustWeb()
 
   auto logPtr = g_slog->withName("webserver");
 
+  if (arg()["webserver-password"].empty()) {
+    logPtr->info(Logr::Warning, "Webserver launched without a password set!");
+  }
   pdns::rust::misc::LogLevel loglevel = pdns::rust::misc::LogLevel::Normal;
   const auto& configLevel = ::arg()["webserver-loglevel"];
   if (configLevel == "none") {