Skip to content

Commit

Permalink
[chore] Remove references to component.UseLocalHostAsDefaultHost (#11773
Browse files Browse the repository at this point in the history 
)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

<!-- Issue number if applicable -->

Follows #11235, relates to #8510
  • Loading branch information
@mx-psi
mx-psi authored Nov 30, 2024
1 parent 33264a5 commit c52d625
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 7 deletions.
5 changes: 1 addition & 4 deletions docs/security-best-practices.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,9 +148,6 @@ receivers:
Generally, `localhost`-like addresses should be preferred over the 0.0.0.0 address.
For more information, see [CWE-1327](https://cwe.mitre.org/data/definitions/1327.html).

To change the default endpoint to be `localhost`-bound in all components, enable the `component.UseLocalHostAsDefaultHost` feature gate. This feature gate will be enabled by default in the Collector in a future release.


If `localhost` resolves to a different IP due to your DNS settings then explicitly use the loopback IP instead: `127.0.0.1` for IPv4 or `::1` for IPv6. In IPv6 setups, ensure your system supports both IPv4 and IPv6 loopback addresses to avoid issues.

Using `localhost` may not work in environments like Docker, Kubernetes, and other environments that have non-standard networking setups. We've documented a few working example setups for the OTLP receiver gRPC endpoint below, but other receivers and other Collector components may need similar configuration.
Expand Down Expand Up @@ -324,4 +321,4 @@ Extensions may also be used to run subprocesses. This can be useful when
collection mechanisms that cannot natively be run by the Collector (e.g.
FluentBit). Subprocesses expose a completely separate attack vector that would
depend on the subprocess itself. In general, care should be taken before
running any subprocesses alongside the Collector.
running any subprocesses alongside the Collector.
6 changes: 3 additions & 3 deletions receiver/otlpreceiver/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ The following settings are configurable:
- `endpoint` (default = localhost:4317 for grpc protocol, localhost:4318 http protocol):
host:port to which the receiver is going to receive data. The valid syntax is
described at https://github.com/grpc/grpc/blob/master/doc/naming.md. The
`component.UseLocalHostAsDefaultHost` feature gate changes these to localhost:4317 and
localhost:4318 respectively. This will become the default in a future release.
described at https://github.com/grpc/grpc/blob/master/doc/naming.md. See our
[security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks)
to understand how to set the endpoint in different environments.

## Advanced Configuration

Expand Down

0 comments on commit c52d625

Please sign in to comment.