[Xymon] Restricting access to disable/acknowledge etc

Neil Simmonds Neil.Simmonds at studio.co.uk
Mon Feb 27 12:21:06 CET 2023 

Hi Axel,

I double checked the old config and it had the second but not the first ifModule so I commented out the first and all is OK now.

I'm pretty new to Apache config so the help is much appreciated.

Thanks,
Neil.

P.S. Yes, it is Apache 2.4

-----Original Message-----
From: Axel Beckert <abe at deuxchevaux.org>
Sent: 27 February 2023 11:01
To: Neil Simmonds <Neil.Simmonds at studio.co.uk>
Cc: xymon at xymon.com
Subject: Re: [Xymon] Restricting access to disable/acknowledge etc

[CAUTION] This is an external email. Do not click links or open any attachments unless you are sure they are safe.

Hi Neil.

On Mon, Feb 27, 2023 at 10:54:54AM +0000, Neil Simmonds wrote:
> As far as I can see this is done through the <Directory
> "/usr/share/xymon/cgi-secure"> part of the httpd.conf (or on my new
> server Xymon.conf in /etc/httpd/conf.d )

Sounds fitting.

> I've got the conf set like the below which is the same as the working system, the /etc/xymon/ xymonpasswd file exists, is owned by apache user and had 64- permissions as required yet I'm not getting prompted for the password when I disable a test? Am I missing something?
[…]
>     <IfModule mod_authz_core.c>
>         # Apache 2.4+
>         Require all granted
>     </IfModule>
>     <IfModule !mod_authz_core.c>
>         Order allow,deny
>         Allow from all
>     </IfModule>

I suspects that the above, especially the "Require all granted" (which is Apache-ish for "let everyone in") overrides the following:

>     <RequireAll>
[…]
>       Require valid-user
[…]
>     </RequireAll>

Just remove the two <IfModule> blocks and you're probably fine.
(Assuming that Apache 2.4.x is in use.)

                Kind regards, Axel
--
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
Studio is a trading name of Studio Retail Ltd which is authorised and regulated by the Financial Conduct Authority for consumer credit and general insurance. Studio Retail Ltd are members of the Finance and Leasing Association (FLA). Registered in England. No: 718151. Registered Office: Church Bridge House, Henry Street, Accrington, BB5 4EE NOTE: This email and any information contained within or attached in a separate file is confidential and intended solely for the Individual to whom it is addressed. The information or data included is solely for the purpose indicated or previously agreed. Any information or data included with this e-mail remains the property of Studio Retail Ltd and the recipient will refrain from utilising the information for any purpose other than that indicated and upon request will destroy the information and remove it from their records. Any views or opinions presented are solely those of the author and do not necessarily represent those of Studio Retail Ltd. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. No warranties or assurances are made in relation to the safety and content of this e-mail and any attachments. No liability is accepted for any consequences arising from it. Studio Retail Ltd reserves the right to monitor all e-mail communications through its internal and external networks. If you have received this email in error, please notify our careline on +44(0) 371 200 0378.

More information about the Xymon mailing list