[Xymon] apache.conf

[John Horne]

On Fri, 2020-08-14 at 15:40 +1000, Brian Scott wrote:
> Hi List,
>
> I was just setting up Xymon at a new job and noticed something odd about
> the xymon-apache.conf file as installed.
>
> For the modern apache permissions model there is an effective 'Require
> all granted' or-ed with 'Require valid-user' for the cgi-secure
> directory. This means that by default access is granted because the
> 'Require all granted' is always true.
>
Hi,

The 'Require valid-user' is wrapped in a 'RequireAll' directive though, and
that must be true. So they are not 'or-ed' together, but 'and-ed'.

It could be argued why bother with the 'Require all granted' since it grants
access to everyone, but I think the config file is simply a template that users
can modify if they wish. If you want to restrict users then the 'Require all
granted' area is where you need to do it depending on your Apache version.



John.

--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>

This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.