From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Tue, 9 Sep 2025 08:57:35 +0000 (+0200)
Subject: rec: warn on passwordless webserver startup and extends docs
X-Git-Tag: rec-5.4.0-alpha1~295^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9249f8818965c1e1ab41ac816c904037ccdefa7;p=thirdparty%2Fpdns.git

rec: warn on passwordless webserver startup and extends docs

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
---

diff --git a/pdns/recursordist/docs/http-api/index.rst b/pdns/recursordist/docs/http-api/index.rst
index 46521d1081..ef94563ce7 100644
--- a/pdns/recursordist/docs/http-api/index.rst
+++ b/pdns/recursordist/docs/http-api/index.rst
@@ -32,6 +32,10 @@ The following webserver related configuration items are available:
 * :ref:`setting-yaml-webservice.port`: Port to bind the webserver to.
 * :ref:`setting-yaml-webservice.allow_from`: Netmasks that are allowed to connect to the webserver
 
+.. warning::
+
+   Not setting a password will allow password-less access to the frontpage showing statistics, the :doc:`endpoint-jsonstat`, the :doc:`../common/api/endpoint-statistics` and the ``localhost`` specific endpoint of the :doc:`../common/api/endpoint-servers`.
+
 Enabling the API
 ----------------
 
diff --git a/pdns/recursordist/ws-recursor.cc b/pdns/recursordist/ws-recursor.cc
index 24705ad56e..074e5256cb 100644
--- a/pdns/recursordist/ws-recursor.cc
+++ b/pdns/recursordist/ws-recursor.cc
@@ -1009,6 +1009,9 @@ void serveRustWeb()
 
   auto logPtr = g_slog->withName("webserver");
 
+  if (arg()["webserver-password"].empty()) {
+    logPtr->info(Logr::Warning, "Webserver launched without a password set!");
+  }
   pdns::rust::misc::LogLevel loglevel = pdns::rust::misc::LogLevel::Normal;
   const auto& configLevel = ::arg()["webserver-loglevel"];
   if (configLevel == "none") {