Yes, this server is behind a reverse proxy.
I applied the patches but still can't get either of them to work.
Thanks,
John
-----Original Message-----
From: Ren? Vermare <user-7b955ca225e6@xymon.invalid>
Sent: Wednesday, September 11, 2019 5:31 PM
To: J.C. Cleaver <user-87556346d4af@xymon.invalid>
Cc: Rothlisberger, John R. <user-7adce57665bb@xymon.invalid>;
Subject: [External] Re: [Xymon] can I put enadis into debug mode?
This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
Are you behind a (reverse) proxy-server?
I had also a problem with it, my solution was this (small) patch;
--- a/web/enadis.c 2019-07-23 17:29:06.000000000 +0200
+++ b/web/enadis.c 2019-09-11 01:06:33.283642013 +0200
@@ -332,7 +332,8 @@
int argi, i;
char *username = getenv("REMOTE_USER");
char *userhost = getenv("REMOTE_HOST");
- char *userip = getenv("REMOTE_ADDR");
+ char *userip = getenv("HTTP_X_FORWARDED_FOR");
+ if (userip == NULL) userip = getenv("REMOTE_ADDR");
SBUF_DEFINE(fullmsg);
char *envarea = NULL;
int obeycookies = 1;
--- a/web/acknowledge.c 2019-07-23 17:29:06.000000000 +0200
+++ b/web/acknowledge.c 2019-09-11 01:01:55.493676233 +0200
@@ -374,7 +374,8 @@
parse_query();
if (getenv("REMOTE_USER")) {
- char *remaddr = getenv("REMOTE_ADDR");
+ char *remaddr =
+ getenv("HTTP_X_FORWARDED_FOR");
+ if (remaddr == NULL) remaddr =
getenv("REMOTE_ADDR");
SBUF_MALLOC(acking_user, 1024 +
strlen(getenv("REMOTE_USER")) + (remaddr ? strlen(remaddr) : 0));
snprintf(acking_user, acking_user_buflen,
"\nAcked by: %s", getenv("REMOTE_USER"));
Ciao,
Ren?
Op woensdag 11-09-2019 om 15:23 uur [tijdzone -0700], schreef J.C.
Cleaver:
On Wed, September 11, 2019 8:38 am, Rothlisberger, John R. wrote:
We are having issues with acknowledge.sh & enadis.sh since upgrading
to
4.3.29 and then to 4.3.30 on Ubuntu 16.04.
For enadis.sh we do get the following error in the apache log:
2019-09-11 16:34:23.901080 Enadis POST that is not coming from self
or svcstatus (referer=https://urldefense.proofpoint.com/v2/url?u=https-3A__xymonserver_xymon-2Dseccgi_enadis.sh&d=DwIDaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=47_Fg2P5NnCXjeGZ91uSE0ewHpC0t5NqqX7jlLgzfCA&s=J0cuUTaz0-BmSTtX5xqLeSToSiypwAAC96As47W7POw&e= ). Ignoring.
How can we enable debugging on enadis and have that dump to a file?
Unfortunately, it's not quite as easy as it used to be when we were
using shell-based wrappers about the C programs.
You can pass "--debug" as an option to the CGI_ENADIS_OPTS variable
in /etc/xymon/cgioptions.cfg , however. If the error appears to be
happening early in the CGI process (before headers are generated),
you can also set
CGIDEBUG=1
For the issue in question, it seems like the XSS checking is not
working properly or the referer information is somehow being
stripped. Are there any unusual CSP changes in your apache
configuration, or do you have mod_security enabled by any chance?
-jc
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_m
ailman_listinfo_xymon&d=DwIDaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8Irw
NKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0N
MJtuq&m=47_Fg2P5NnCXjeGZ91uSE0ewHpC0t5NqqX7jlLgzfCA&s=z70877tsNZQ12zd
YLp9eQxmXGmHW6DlKsTHrQePbsQU&e=
Dit bericht is gescand op virussen d.m.v. ClamAV
@vermare.net
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
www.accenture.com