Hi Neil.
On Mon, Feb 27, 2023 at 10:54:54AM +0000, Neil Simmonds wrote:
As far as I can see this is done through the <Directory "/usr/share/xymon/cgi-secure"> part of the httpd.conf (or on my new server Xymon.conf in /etc/httpd/conf.d )
Sounds fitting.
I've got the conf set like the below which is the same as the working system, the /etc/xymon/ xymonpasswd file exists, is owned by apache user and had 64- permissions as required yet I'm not getting prompted for the password when I disable a test? Am I missing something?
[?]
<IfModule mod_authz_core.c>
# Apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
I suspects that the above, especially the "Require all granted" (which
is Apache-ish for "let everyone in") overrides the following:
<RequireAll>
[?]
Require valid-user
[?]
</RequireAll>
Just remove the two <IfModule> blocks and you're probably fine.
(Assuming that Apache 2.4.x is in use.)
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: user-0064bde8d49d@xymon.invalid X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/