How to configure web interface internals

John-Doe

Jul 29, 2019
Hi there,

I recently scanned for vulnerabilities on a Proxmox host and discovered a few vulnerabilities with the GUI/Web interface. I was wondering if there is any way to manage the configuration of this web interface for things like X-Frame-Options and HTTPS compression (GZIP/Deflate) so I can resolve some of the issues I've discovered. Apologies if I have missed questions that already answer my questions.

Thanks,
John
 
Ah, thank you, that helps with the BREACH vulnerability, but I was unable to see any mention of anti-clickjacking X-Frame-Options. I will be looking through documentation again but I do not believe I can find any new pages that will have information on this. Should I submit this to the bug tracker?
 
AFAIR there are no further options - so if you like - please open an enhancement request at https://bugzilla.proxmox.com for further discussion.

OTOH if you want full control over the web-facing side of PVE I would really suggest putting an nginx/haproxy reverse proxy in front of it and using the pve-firewall to prevent access to port 8006 - this should give you the greatest flexibility.
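
The reverse-proxy approach suggested in the reply above, sketched as an nginx server block. This is an added example, not part of the thread or of Proxmox's own configuration. It assumes nginx runs on the PVE host itself; `pve.example.com` and the certificate paths are placeholders.

```nginx
# Constructed example: nginx terminating TLS in front of the PVE web interface.
# Assumes pveproxy is reachable on 127.0.0.1:8006 (nginx on the same host).
server {
    listen 80;
    server_name pve.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;   # force HTTPS
}

server {
    listen 443 ssl;
    server_name pve.example.com;            # placeholder hostname

    ssl_certificate     /etc/nginx/ssl/pve.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/pve.example.com.key;  # placeholder path

    # BREACH: never compress responses sent to the client over TLS.
    gzip off;

    location / {
        proxy_pass https://127.0.0.1:8006;

        # BREACH: clear Accept-Encoding so the backend does not
        # send gzip/deflate bodies that nginx would pass through.
        proxy_set_header Accept-Encoding "";

        # Clickjacking: drop any backend value and set one policy here.
        # "always" also covers error responses (4xx/5xx).
        proxy_hide_header X-Frame-Options;
        add_header X-Frame-Options "SAMEORIGIN" always;
        # Modern equivalent of the header above.
        add_header Content-Security-Policy "frame-ancestors 'self'" always;

        # The VM console uses WebSockets, which need HTTP/1.1 upgrade.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # ISO uploads and long-lived console sessions.
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 3600s;
    }
}
```

Validate the file with `nginx -t` before reloading, then re-run the scanner against port 443. The headers only protect clients that go through the proxy, so direct access to port 8006 still has to be blocked with the firewall as described above.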