title | seotitle | description | weight | menu | influxdb/v2.2/tags
---|---|---|---|---|---
Enable security features | Enable security and hardening features in InfluxDB | Enable a collection of additional security and hardening features in InfluxDB OSS to better secure your InfluxDB instance. | 102 | |

InfluxDB {{< current-version >}} provides optional security features that help keep your InfluxDB instance secure in whatever environment it runs in.

To enable all additional security features, use the `hardening-enabled` configuration option when starting InfluxDB.

## Security features

### Private IP Validation

Some Flux functions (`to()`, `from()`, `http.post()`, etc.) and template fetching can require InfluxDB to make HTTP requests over the network.
With private IP validation enabled, InfluxDB first verifies that the IP address of the URL is not a private IP address.
IP addresses are considered private if they fall into one of the following categories:

- IPv4 loopback (`127.0.0.0/8`)
- RFC1918 (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`)
- RFC3927 (`169.254.0.0/16`)
- IPv6 loopback (`::1/128`)
- IPv6 link-local (`fe80::/10`)
- IPv6 unique local (`fc00::/7`)

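The following added example (not InfluxDB's own code) sketches one way to enforce the ranges listed above in a Go HTTP client. It goes a step beyond checking the URL: the check runs on the address actually dialed, and it normalizes IPv4-mapped IPv6 and zoned addresses. The names `privateCIDRs`, `isPrivate`, `denyPrivate` and `newClient` are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
)

// privateCIDRs are the ranges listed above.
var privateCIDRs = []string{
	"127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
	"169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
}

// isPrivate reports whether addr falls in one of the listed ranges.
func isPrivate(addr netip.Addr) bool {
	// Contains never matches IPv4-mapped or zoned addresses; normalize first.
	addr = addr.Unmap().WithZone("")
	for _, c := range privateCIDRs {
		if netip.MustParsePrefix(c).Contains(addr) {
			return true
		}
	}
	return false
}

// denyPrivate is a net.Dialer Control hook. It runs on the resolved ip:port
// just before connect, so hostnames that resolve to private IPs are caught too.
func denyPrivate(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unparseable dial address %q: %w", address, err)
	}
	if isPrivate(ap.Addr()) {
		return fmt.Errorf("dial to private address %s refused", ap.Addr())
	}
	return nil
}

// newClient returns an HTTP client whose connections all pass denyPrivate.
func newClient() *http.Client {
	d := &net.Dialer{Control: denyPrivate}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	fmt.Println(denyPrivate("tcp", "[::ffff:192.168.1.10]:8086", nil))
}
```

Because the hook sees the post-resolution address, the same client also refuses a public hostname whose DNS record points into one of these ranges.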
{{% note %}}
#### Private IP considerations
If your environment requires that these authenticated HTTP requests be made to private IP addresses,
omit the use of `--hardening-enabled` and
consider instead setting up egress firewalling to limit which hosts InfluxDB is allowed to connect to.
{{% /note %}}