<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Il 04/10/2019 11.30, Marco Avvisano ha
scritto:<br>
</div>
<blockquote type="cite"
cite="mid:6c317c6e-4f52-b30c-9e6b-68ff8ac346ec@regione.toscana.it">
<p>Hi,</p>
<p>i also recently upgraded to Apache/2.4.41 and xymon 4.30 and i
had the same problem. <br>
</p>
<p>I had to change from "Require all granted" to "Require all
denied" to block access to /xymon-seccgi, but login not work
for me</p>
<p>Here the section from ssl.conf :<br>
</p>
<p>ScriptAlias /xymon-seccgi/ "/usr/local/xymon/cgi-secure/"<br>
<Directory "/usr/local/xymon/cgi-secure"><br>
AllowOverride None<br>
Options ExecCGI Includes FollowSymLinks<br>
<IfModule mod_authz_core.c><br>
# Apache 2.4+<br>
Require all denied<br>
</IfModule><br>
<IfModule !mod_authz_core.c><br>
Order deny,allow<br>
Allow from all<br>
</IfModule><br>
<br>
# Password file where users with access to these scripts are
kept.<br>
# Create it with "htpasswd -c
/usr/local/xymon/server/etc/xymonpasswd USERNAME"<br>
# Add more users / change passwords with "htpasswd
/usr/local/xymon/server/etc/xymonpasswd USERNAME"<br>
#<br>
# You can also use a group file to restrict admin access to
members of a<br>
# group, instead of anyone who is logged in. In that case
you must setup<br>
# the "xymongroups" file, and change the "Require" settings
to require<br>
# a specific group membership. See the Apache docs for more
details.<br>
<br>
AuthUserFile /usr/local/xymon/server/etc/xymonpasswd<br>
AuthGroupFile /usr/loca/xymon/server/etc/xymongroups<br>
AuthType Basic<br>
AuthName "Xymon Administration"<br>
<br>
# "valid-user" restricts access to anyone who is logged in.<br>
Require valid-user<br>
<br>
# "group admins" restricts access to users who have logged
in, AND<br>
# are members of the "admins" group in xymongroups.<br>
# Require group admins<br>
<br>
</Directory><br>
</p>
<p>Any Ideas ?<br>
</p>
<p>Best Regards, <br>
</p>
<p>Marco<br>
</p>
<br>
<div class="moz-cite-prefix">Il 18/10/2018 22.11, LOZOVSKY, DANIEL
L ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:F1D2490D6AB0934FBF82EB739884382E6A1C4599@CAFRFD1MSGUSRIH.ITServices.sbc.com">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<div class="WordSection1">
<p class="MsoNormal">I recently upgraded to apache 2.4.35 and
was having some issues with password file to secure
xymon-seccgi. I got not get apache to read the password
file. To get it to work I had to change from Require all
granted to Require all denied. Now, it works. I get
prompted to enter username and password. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Here is the section from my httpd.conf
file for your reference if you will run into similar
problems. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">ScriptAlias /xymon-seccgi/
"/opt/app/workload/bbapp/bb/cgi-secure/"</p>
<p class="MsoNormal"><Directory
"/opt/app/workload/bbapp/bb/cgi-secure"></p>
<p class="MsoNormal"> AllowOverride None</p>
<p class="MsoNormal"> Options ExecCGI Includes</p>
<p class="MsoNormal"> <IfModule mod_authz_core.c></p>
<p class="MsoNormal"> # Apache 2.4+</p>
<p class="MsoNormal"> <b><span>Require all denied</span></b></p>
<p class="MsoNormal"> </IfModule></p>
<p class="MsoNormal"> <IfModule !mod_authz_core.c></p>
<p class="MsoNormal"> Order deny,allow</p>
<p class="MsoNormal"> Allow from all</p>
<p class="MsoNormal"> </IfModule></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> # Password file where users with
access to these scripts are kept.</p>
<p class="MsoNormal"> # Although expected in
$XYMONHOME/etc/ by the useradm and chpasswd</p>
<p class="MsoNormal"> # scripts, files here can be read
with the "config" message type, </p>
<p class="MsoNormal"> # which allows status-privileged
clients to read arbitrary regular files </p>
<p class="MsoNormal"> # from the directory. </p>
<p class="MsoNormal"> # </p>
<p class="MsoNormal"> # This file should be owned and
readable only by the apache server user,</p>
<p class="MsoNormal"> # and ideally merely a symlink to a
location outside of $XYMONHOME/etc/</p>
<p class="MsoNormal"> # </p>
<p class="MsoNormal"> # Create it with:</p>
<p class="MsoNormal"> # htpasswd -c
/opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME</p>
<p class="MsoNormal"> # chown apache:apache
/opt/app/workload/bbapp/bb/server/etc/xymonpasswd</p>
<p class="MsoNormal"> # chmod 640
/opt/app/workload/bbapp/bb/server/etc/xymonpasswd</p>
<p class="MsoNormal"> # Add more users / change passwords
with: "htpasswd
/opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME"</p>
<p class="MsoNormal"> #</p>
<p class="MsoNormal"> # You can also use a group file to
restrict admin access to members of a</p>
<p class="MsoNormal"> # group, instead of anyone who is
logged in. In that case you must setup</p>
<p class="MsoNormal"> # the "xymongroups" file, and change
the "Require" settings to require</p>
<p class="MsoNormal"> # a specific group membership. See
the Apache docs for more details.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> AuthUserFile
/opt/app/workload/bbapp/bb/server/etc/xymonpasswd</p>
<p class="MsoNormal"> AuthGroupFile
/opt/app/workload/bbapp/bb/server/etc/xymongroups</p>
<p class="MsoNormal"> AuthType Basic</p>
<p class="MsoNormal"> AuthName "Xymon Administration"</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> # "valid-user" restricts access to
anyone who is logged in.</p>
<p class="MsoNormal"> Require valid-user</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> # "group admins" restricts access to
users who have logged in, AND</p>
<p class="MsoNormal"> # are members of the "admins" group
in xymongroups.</p>
<p class="MsoNormal"> # Require group admins</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"></Directory></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I also enabled the following modules. </p>
<p class="MsoNormal">LoadModule authn_file_module
modules/mod_authn_file.so</p>
<p class="MsoNormal">LoadModule authn_dbm_module
modules/mod_authn_dbm.so</p>
<p class="MsoNormal">LoadModule authn_anon_module
modules/mod_authn_anon.so</p>
<p class="MsoNormal">LoadModule authn_core_module
modules/mod_authn_core.so</p>
<p class="MsoNormal">LoadModule authz_host_module
modules/mod_authz_host.so</p>
<p class="MsoNormal">LoadModule authz_groupfile_module
modules/mod_authz_groupfile.so</p>
<p class="MsoNormal">LoadModule authz_user_module
modules/mod_authz_user.so</p>
<p class="MsoNormal">LoadModule authz_core_module
modules/mod_authz_core.so</p>
<p class="MsoNormal">LoadModule access_compat_module
modules/mod_access_compat.so</p>
<p class="MsoNormal">LoadModule auth_basic_module
modules/mod_auth_basic.so</p>
<p class="MsoNormal">LoadModule reqtimeout_module
modules/mod_reqtimeout.so</p>
<p class="MsoNormal">LoadModule filter_module
modules/mod_filter.so</p>
<p class="MsoNormal">LoadModule mime_module
modules/mod_mime.so</p>
<p class="MsoNormal">LoadModule log_config_module
modules/mod_log_config.so</p>
<p class="MsoNormal">LoadModule env_module modules/mod_env.so</p>
<p class="MsoNormal">LoadModule headers_module
modules/mod_headers.so</p>
<p class="MsoNormal">LoadModule setenvif_module
modules/mod_setenvif.so</p>
<p class="MsoNormal">LoadModule version_module
modules/mod_version.so</p>
<p class="MsoNormal">LoadModule unixd_module
modules/mod_unixd.so</p>
<p class="MsoNormal">LoadModule status_module
modules/mod_status.so</p>
<p class="MsoNormal">LoadModule autoindex_module
modules/mod_autoindex.so</p>
<p class="MsoNormal">LoadModule cgid_module
modules/mod_cgid.so</p>
<p class="MsoNormal">LoadModule dir_module modules/mod_dir.so</p>
<p class="MsoNormal">LoadModule alias_module
modules/mod_alias.so</p>
<p class="MsoNormal">LoadModule rewrite_module
modules/mod_rewrite.so</p>
<p class="MsoNormal"> </p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Xymon mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Xymon@xymon.com" moz-do-not-send="true">Xymon@xymon.com</a>
<a class="moz-txt-link-freetext" href="http://lists.xymon.com/mailman/listinfo/xymon" moz-do-not-send="true">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Xymon mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Xymon@xymon.com">Xymon@xymon.com</a>
<a class="moz-txt-link-freetext" href="http://lists.xymon.com/mailman/listinfo/xymon">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
<br>
</body>
</html>