Bug 1648192 - Horizon should not allow to access icons/ directory and the directory should not be shown as index.
Summary: Horizon should not allow to access icons/ directory and the directory should ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: z6
: 13.0 (Queens)
Assignee: Luke Short
QA Contact: Victor Voronkov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-09 04:29 UTC by Keigo Noha
Modified: 2023-03-24 14:21 UTC (History)
4 users (show)

Fixed In Version: openstack-tripleo-heat-templates-8.3.1-4.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-04-30 17:27:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 648900 0 'None' 'MERGED' 'Disable a directory listing of /icons in httpd.' 2019-12-06 00:02:39 UTC
OpenStack gerrit 649516 0 'None' 'MERGED' 'Disable a directory listing of /icons in httpd.' 2019-12-06 00:02:39 UTC
OpenStack gerrit 649517 0 'None' 'MERGED' 'Disable a directory listing of /icons in httpd.' 2019-12-06 00:02:39 UTC
Red Hat Product Errata RHBA-2019:0939 0 None None None 2019-04-30 17:27:45 UTC

Description Keigo Noha 2018-11-09 04:29:52 UTC 
Description of problem:
Horizon should not allow to access icons/ directory and the directory should not be shown as index.

Version-Release number of selected component (if applicable):
Current T-H-T

How reproducible:
Always

Steps to Reproduce:
1. Access to <overcloud horizon URL>/icons
2.
3.

Actual results:
Currently, a user can see indexes of the directory.

Expected results:
The indexes should not be visible.

Additional info:
Trying to disable Indexes in alias.conf with the following configuration is not usable

~~~
parameter_defaults:
  ControllerExtraConfig:
    apache::mod::alias::icons_options: '-Indexes MultiViews'
~~~
Comment 3 Keigo Noha 2019-01-15 00:19:53 UTC 
Hi Emilien and team,

Would you please update this bugzilla with the current status?

Best Regards,
Keigo Noha
Comment 4 Keigo Noha 2019-01-29 05:23:55 UTC 
Hi Emilien and team,

Do you have any updates on this bugzilla?

Regards,
Keigo Noha
Comment 6 Keigo Noha 2019-02-26 00:48:05 UTC 
Hi Emilien,

Do you have any updates on this bugzilla?

Regards,
Keigo Noha
Comment 7 Keigo Noha 2019-04-05 01:45:32 UTC 
Hi Emilien,

In Upstream, the fix for stable/queens was merged. Would you please proceed the backport process to RHOSP13?

Best Regards,
Keigo Noha
Comment 12 Luke Short 2019-04-05 14:20:03 UTC 
A Brew build is now available for QE.
Comment 19 errata-xmlrpc 2019-04-30 17:27:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0939
Note You need to log in before you can comment on or make changes to this bug.