[Xymon] Restricting access to disable/acknowledge etc
Axel Beckert
abe at deuxchevaux.org
Mon Feb 27 12:00:40 CET 2023
Hi Neil.
On Mon, Feb 27, 2023 at 10:54:54AM +0000, Neil Simmonds wrote:
> As far as I can see this is done through the <Directory "/usr/share/xymon/cgi-secure"> part of the httpd.conf (or on my new server Xymon.conf in /etc/httpd/conf.d )
Sounds fitting.
> I've got the conf set like the below which is the same as the working system, the /etc/xymon/ xymonpasswd file exists, is owned by apache user and had 64- permissions as required yet I'm not getting prompted for the password when I disable a test? Am I missing something?
[…]
> <IfModule mod_authz_core.c>
> # Apache 2.4+
> Require all granted
> </IfModule>
> <IfModule !mod_authz_core.c>
> Order allow,deny
> Allow from all
> </IfModule>
I suspects that the above, especially the "Require all granted" (which
is Apache-ish for "let everyone in") overrides the following:
> <RequireAll>
[…]
> Require valid-user
[…]
> </RequireAll>
Just remove the two <IfModule> blocks and you're probably fine.
(Assuming that Apache 2.4.x is in use.)
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
More information about the Xymon
mailing list