Bug 895823 - [RFE] improve httpd config guidance
Summary: [RFE] improve httpd config guidance
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cacti
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ken Dreyer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-16 04:42 UTC by Julian C. Dunn
Modified: 2013-08-30 23:39 UTC (History)
2 users (show)

Fixed In Version: cacti-0.8.8b-1.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-30 23:38:27 UTC
Type: Bug


Attachments (Terms of Use)

Description Julian C. Dunn 2013-01-16 04:42:00 UTC
Description of problem:

In Fedora 18, httpd has been upgraded to 2.4 with a different syntax for mod_authz_core directives, however the example cacti.conf still uses the old syntax. Therefore, Cacti won't load with a Forbidden error.

Version-Release number of selected component (if applicable):

cacti-0.8.8a-3.fc18.noarch

How reproducible:

Always

Steps to Reproduce:
1. Install cacti
2. Start httpd
3.
  
Actual results:

Cacti will only show 403 Forbidden due to the changed mod_authz_core syntax on line 15 of /etc/httpd/conf.d/cacti.conf. As the comment states, on Fedoras with httpd >= 2.4, the line should read "Require all granted" instead of "Require host localhost"

Expected results:

Cacti loads normally in web browser by default.

Additional info:

Comment 1 Ken Dreyer 2013-01-16 06:53:30 UTC
Hi Julian, does cacti load ok when browsing from localhost? In other words: does http://localhost/cacti/ work?

I'm reluctant to change the default to "Require all granted", because many web apps (eg phpMyAdmin, websvn) ship this way by default for security.

Comment 2 Julian C. Dunn 2013-01-17 03:33:34 UTC
Yes it does. Sorry, I completely misread the comment at the top of cacti.conf about httpd 2.4 and assumed it was a syntax error. Now that I see it's by design, you can feel free to close this as NOTABUG.

Comment 3 Ken Dreyer 2013-01-17 03:38:28 UTC
That's quite all right. Do you have any suggestions for how we could better phrase the comments in the configuration file, to perhaps make it easier for users?

Comment 4 Julian C. Dunn 2013-01-17 06:14:18 UTC
Sure. I think the header should avoid the mention of "network devices" since that's confusing for people who might think it has something to do with the actual switches, etc. that Cacti will be monitoring.

Maybe you could say something like:

"For security reasons, the Cacti web interface is accessible only to localhost in the default configuration. If you want to allow other clients to access your Cacti installation..." and then put the information about how to change the config.

HTH,
Julian

Comment 5 Ken Dreyer 2013-07-14 22:08:33 UTC
Please accept my apologies that I took a while to ship the fix for this. I was finally able to use an appropriate patch for #888207, so I will be pushing a new update (0.8.8a-8) that will fix this bug as well.

Comment 6 Fedora Update System 2013-07-14 22:16:42 UTC
cacti-0.8.8a-8.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.fc19

Comment 7 Fedora Update System 2013-07-14 22:18:48 UTC
cacti-0.8.8a-8.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.fc18

Comment 8 Fedora Update System 2013-07-14 22:21:36 UTC
cacti-0.8.8a-8.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.el6

Comment 9 Fedora Update System 2013-07-14 22:24:24 UTC
cacti-0.8.8a-8.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.el5

Comment 10 Fedora Update System 2013-07-16 01:08:06 UTC
Package cacti-0.8.8a-8.el5:
* should fix your issue,
* was pushed to the Fedora EPEL 5 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing cacti-0.8.8a-8.el5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10854/cacti-0.8.8a-8.el5
then log in and leave karma (feedback).

Comment 11 Fedora Update System 2013-07-25 00:42:25 UTC
cacti-0.8.8a-8.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2013-07-25 00:48:28 UTC
cacti-0.8.8a-8.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2013-08-07 17:27:42 UTC
cacti-0.8.8b-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/cacti-0.8.8b-1.el6

Comment 14 Fedora Update System 2013-08-07 17:31:08 UTC
cacti-0.8.8b-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/cacti-0.8.8b-1.el5

Comment 15 Fedora Update System 2013-08-30 23:38:27 UTC
cacti-0.8.8b-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2013-08-30 23:39:27 UTC
cacti-0.8.8b-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.