DAG Launcher HTTP to HTTPS redirection

resp3ct · ‎01-31-2019

Hi,
It appears the DAG Launcher supports 80->443 redirection natively, but are there any concerns with opening the DAG:80 to the world?

Thanks

MacD1 · ‎02-01-2019

Hi Resp3ct,

The DAG will automatically redirect traffic from 80 to 443 by default and does not require any configuration to do so. As a result there is very little traffic passed insecurely over 80 (just a handshake and redirection) then everything is completed over https.

Exposing the DAG to the world is just like exposing any other web server to the world, it was designed to be publicly accessible.

One final note I would make is that I would recommend that you lock down your administrative interface. This can be done by restricting access to the port on linux (typically 8443). In Windows the Duo Access Gateway administrative interface can only be accessed from the Duo Access Gateway server’s assigned IP addresses. If you need to access the Duo Access Gateway admin console from an IP address not assigned to the Duo Access Gateway server’s network interface(s) — such as an external IP address assigned to your Duo Access Gateway server by your public DNS service or a management server on your internal network — enter the additional IP addresses when prompted.

Let me know if you have any further questions.

Thanks
Scott

resp3ct · ‎02-01-2019

Thanks Scott! That’s what I needed to confirm.