Description of problem: /etc/httpd/conf.d/awstats.conf file in the awstats package 1. has incorrect paths /usr/local instead of /usr/share 2. does not provide configuration for mod_authz_core module while mod_access_compat directives are ignored So HTTP requests to awstats resources, e.g. icons, fail with errors Version-Release number of selected component (if applicable): CentOS-8.1 and RHEL-8.1 awstats-7.7-5.el8.noarch How reproducible: Can be easily reproduced. Steps to Reproduce: 1. Install httpd 2. Install awstats (currently it requires --enablerepo epel-testing due to the Bug #1819456 related to required perl packages) 3. Try to get some icon curl -I 127.0.0.1/awstatsicons/cpu/ibm.png Actual results: HTTP/1.1 403 Forbidden in the case of simple curl request Statistics page has lack of icons. If fail2ban is installed on the server and statistics page is accessed from a browser then the client IP is banned. Expected results: HTTP/1.1 200 OK in the case of the curl request Working statisitcs pages. Additional info: Expected configuration shipped in the package --- /etc/httpd/conf.d/awstats.conf.orig 2020-04-14 04:53:51.327456372 +0000 +++ /etc/httpd/conf.d/awstats.conf 2020-04-14 05:16:14.134450340 +0000 @@ -12,18 +12,17 @@ # Directives to add to your Apache conf file to allow use of AWStats as a CGI. # Note that path "/usr/local/awstats/" must reflect your AWStats install path. # -Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" -Alias /awstatscss "/usr/local/awstats/wwwroot/css/" -Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" -ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" +Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/" +Alias /awstatscss "/usr/share/awstats/wwwroot/css/" +Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/" +ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/" # # This is to permit URL access to scripts/files in AWStats directory. # -<Directory "/usr/local/awstats/wwwroot"> +<Directory "/usr/share/awstats/wwwroot"> Options None AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory> Notice in /etc/httpd/conf/httpd.conf <Directory /> AllowOverride none Require all denied </Directory> https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html > The directives provided by mod_access_compat have been deprecated by mod_authz_host. Mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged. /var/log/httpd/error_log [Tue Apr 14 12:14:06.391873 2020] [authz_core:debug] [pid 5410:tid 140559473682176] mod_authz_core.c(820): [client 127.0.0.1:53888] AH01626: authorization result of Require all denied: denied [Tue Apr 14 12:14:06.391909 2020] [authz_core:debug] [pid 5410:tid 140559473682176] mod_authz_core.c(820): [client 127.0.0.1:53888] AH01626: authorization result of <RequireAny>: denied [Tue Apr 14 12:14:06.391914 2020] [authz_core:error] [pid 5410:tid 140559473682176] [client 127.0.0.1:53888] AH01630: client denied by server configuration: /usr/local/awstats
Created attachment 1710477 [details] Fix incorrect paths in awstats.conf Trivial patch to fix this
I've attached a patch and shared this with the maintainer; however, even after applying this patch I've noted some other path-related issues (references to /usr/local/awstats in various files)
FEDORA-EPEL-2020-3e15414000 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3e15414000
FEDORA-EPEL-2020-3e15414000 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3e15414000 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2020-539ebf7d91 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-539ebf7d91 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2020-539ebf7d91 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.