Bug 871438 - Broken configuration for httpd 2.4
Broken configuration for httpd 2.4
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: nagios (Show other bugs)
18
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jose Pedro Oliveira
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 871373
  Show dependency treegraph
 
Reported: 2012-10-30 08:59 EDT by Remi Collet
Modified: 2013-01-11 19:31 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-11 19:31:35 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Remi Collet 2012-10-30 08:59:08 EDT
Please review /etc/httpd/conf.d/nagios.conf
Comment 1 Jose Pedro Oliveira 2012-12-04 16:28:47 EST
References listed in #871373:

 * Bug 871373 - Broken configuration for httpd 2.4
   https://bugzilla.redhat.com/show_bug.cgi?id=871373
   
   http 2.4 use the Require directive for all access control
   see: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require

   http 2.2 use the allow/deny/order which are emulated by the mod_acces_compat
   see: httpd.apache.org/docs/2.4/mod/mod_access_compat.html
Comment 2 Jose Pedro Oliveira 2012-12-04 16:36:27 EST
(In reply to comment #1)
...
>    http 2.4 use the Require directive for all access control
>    see: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require

-----------
...
Require all

The all provider mimics the functionality the was previously provided by the 'Allow from all' and 'Deny from all' directives. This provider can take one of two arguments which are 'granted' or 'denied'. The following examples will grant or deny access to all requests.

    * Require all granted
    * Require all denied

...
-----------


For host specific Require directive:
see http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html

-----------
...
Require local

The local provider allows access to the server if any of the following conditions is true:

    the client address matches 127.0.0.0/8
    the client address is ::1
    both the client and the server address of the connection are the same

This allows a convenient way to match connections that originate from the local host:

    * Require local

...
-----------
Comment 3 Jose Pedro Oliveira 2012-12-05 06:55:52 EST

* Authorization Containers

The authorization container directives <RequireAll>, <RequireAny> and <RequireNone> may be combined with each other and with the Require directive to express complex authorization logic.

...

When multiple Require directives are used in a single configuration section and are not contained in another authorization directive like <RequireAll>, they are implicitly contained within a <RequireAny> directive. Thus the first one to authorize a user authorizes the entire request, and subsequent Require directives are ignored.

...


Apache 2.4 configuration
 
<RequireAll>
   Require all granted
   # Require local
   Require valid-user
</RequireAll>
Comment 4 Fedora Update System 2012-12-05 09:50:39 EST
nagios-3.4.3-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/nagios-3.4.3-3.fc18
Comment 5 Fedora Update System 2012-12-05 18:08:18 EST
Package nagios-3.4.3-3.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nagios-3.4.3-3.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-19786/nagios-3.4.3-3.fc18
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-01-11 19:31:37 EST
nagios-3.4.3-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.