How to Fix the Unauthorized Access Vulnerability of Swagger API Detected on Port 2379 of PD Node in TiDB 4.0.7?

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tidb4.0.7版本的pd节点2379端口安全扫描报Swagger API 未授权访问漏洞,如何修复?

| username: TiDBer_w08YopmM

The security scan of the 2379 port on the PD node of TiDB version 4.0.7 reports an unauthorized access vulnerability in the Swagger API. How can this be fixed?

| username: WalterWj | Original post link

Methods for scaling PD, switching ports, or adding a firewall.

| username: zhanggame1 | Original post link

Medium risk does not need to be fixed.

| username: Fly-bird | Original post link

For the requirements of Level 3 protection, you can add a firewall to allow only internal cluster access and restrict through IP policies.

| username: 像风一样的男子 | Original post link

Yellow indicates a medium risk, not a mandatory fix.

| username: zxgaa | Original post link

It can also be left unfixed, or you can add ACL policies to restrict the IP range, thereby reducing the risk level.

| username: tidb菜鸟一只 | Original post link

There is currently no option to disable this separately. You can restrict the port to prevent machines other than TiDB from accessing it.