- Type: Bug
- Resolution: Duplicate
- Priority: Minor - P4
- Affects Version/s: 4.0.6
- Component/s: Security
With this configuration file:
net:
  maxIncomingConnections: 5
  maxIncomingConnectionsOverride: ["11.11.11.11/1"]
the expected behavior is that only a client with an IP address of 11.11.11.11/1 should be able to override maxIncomingConnections. However, with the IP address set as such in the conf file, anyone can connect to the mongod instance after the maxIncomingConnections limit is reached. Furthermore, the number of available connections becomes negative. This was tested as follows in the mongo shell:
> db.serverStatus().connections
{ "current" : 6, "available" : -1, "totalCreated" : 6 }
Changing the CIDR block address to a valid one, for example:
net:
  maxIncomingConnections: 5
  maxIncomingConnectionsOverride: ["192.168.100.14/24"]
works as expected, i.e., it blocks incoming connections once the limit is reached.
My mongod version is:
mongod --version
db version v4.0.6
git version: caa42a1f75a56c7643d0b68d3880444375ec42e3
allocator: system
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64
- is cloned by: SERVER-40376 when maxIncomingConnectionsOverride contains invalid CIDR block, allows connections from any CIDR block (Closed)
- related to: SERVER-34986 CIDR Block That is Exempt from maxConns (Closed)
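
A pre-deployment check for the two override entries quoted in the report, added here as an example; it is not part of the ticket or of MongoDB's code. It applies standard CIDR arithmetic from Python's `ipaddress` module (whether mongod evaluates entries the same way is not stated in the report), and the `MIN_PREFIX` thresholds and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy thresholds (not MongoDB defaults): a prefix shorter than
# this exempts so much address space that the connection cap is moot.
MIN_PREFIX = {4: 8, 6: 32}


def audit_override_entry(entry):
    """Return (effective_network_or_None, findings) for one override entry."""
    try:
        # strict=False masks off host bits instead of rejecting them, so the
        # range the prefix really covers can be reported.
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError as exc:
        return None, [f"unparseable: {exc}"]
    findings = []
    if ipaddress.ip_interface(entry).ip != net.network_address:
        findings.append(f"host bits set; effective range is {net}")
    if net.prefixlen < MIN_PREFIX[net.version]:
        findings.append(
            f"/{net.prefixlen} exempts {net.num_addresses} addresses")
    return net, findings


def is_exempt(client_ip, entries):
    """True if client_ip falls inside any parseable override entry."""
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        net, _ = audit_override_entry(entry)
        if net is not None and ip in net:
            return True
    return False


if __name__ == "__main__":
    # The two entries from the report; client addresses are constructed samples.
    for entry in ["11.11.11.11/1", "192.168.100.14/24"]:
        net, findings = audit_override_entry(entry)
        print(entry, "->", net, findings or "ok")
        for client in ["127.0.0.1", "192.168.100.200"]:
            print("   ", client, "exempt:", is_exempt(client, [entry]))
```

Under this arithmetic a `/1` prefix keeps only the first bit of the address, so `11.11.11.11/1` denotes `0.0.0.0/1` (0.0.0.0 through 127.255.255.255), a range that includes loopback clients.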