Hi List,
I was just setting up Xymon at a new job and noticed something odd about
the xymon-apache.conf file as installed.
For the modern apache permissions model there is an effective 'Require
all granted' or-ed with 'Require valid-user' for the cgi-secure
directory. This means that by default access is granted because the
'Require all granted' is always true.
The simple answer is to remove the:
<IfModule mod_authz_core.c>
??????? # Apache 2.4+
??????? Require all granted
</IfModule>
section.
Trivial diff attached.
Cheers,
Brian
-------------- next part --------------
--- docs/xymon-apacheconf.txt.orig 2015-05-23 11:13:14.000000000 +1000
+++ docs/xymon-apacheconf.txt 2020-08-14 10:47:44.605504000 +1000
@@ -42,10 +42,6 @@
<Directory "/usr/local/xymon/cgi-secure">
AllowOverride None
Options ExecCGI Includes
- <IfModule mod_authz_core.c>
- # Apache 2.4+
- Require all granted
- </IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all