Description of problem: In Fedora 18, httpd has been upgraded to 2.4 with a different syntax for mod_authz_core directives, however the example cacti.conf still uses the old syntax. Therefore, Cacti won't load with a Forbidden error. Version-Release number of selected component (if applicable): cacti-0.8.8a-3.fc18.noarch How reproducible: Always Steps to Reproduce: 1. Install cacti 2. Start httpd 3. Actual results: Cacti will only show 403 Forbidden due to the changed mod_authz_core syntax on line 15 of /etc/httpd/conf.d/cacti.conf. As the comment states, on Fedoras with httpd >= 2.4, the line should read "Require all granted" instead of "Require host localhost" Expected results: Cacti loads normally in web browser by default. Additional info:
Hi Julian, does cacti load ok when browsing from localhost? In other words: does http://localhost/cacti/ work? I'm reluctant to change the default to "Require all granted", because many web apps (eg phpMyAdmin, websvn) ship this way by default for security.
Yes it does. Sorry, I completely misread the comment at the top of cacti.conf about httpd 2.4 and assumed it was a syntax error. Now that I see it's by design, you can feel free to close this as NOTABUG.
That's quite all right. Do you have any suggestions for how we could better phrase the comments in the configuration file, to perhaps make it easier for users?
Sure. I think the header should avoid the mention of "network devices" since that's confusing for people who might think it has something to do with the actual switches, etc. that Cacti will be monitoring. Maybe you could say something like: "For security reasons, the Cacti web interface is accessible only to localhost in the default configuration. If you want to allow other clients to access your Cacti installation..." and then put the information about how to change the config. HTH, Julian
Please accept my apologies that I took a while to ship the fix for this. I was finally able to use an appropriate patch for #888207, so I will be pushing a new update (0.8.8a-8) that will fix this bug as well.
cacti-0.8.8a-8.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.fc19
cacti-0.8.8a-8.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.fc18
cacti-0.8.8a-8.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.el6
cacti-0.8.8a-8.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/cacti-0.8.8a-8.el5
Package cacti-0.8.8a-8.el5: * should fix your issue, * was pushed to the Fedora EPEL 5 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing cacti-0.8.8a-8.el5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10854/cacti-0.8.8a-8.el5 then log in and leave karma (feedback).
cacti-0.8.8a-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8a-8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/cacti-0.8.8b-1.el6
cacti-0.8.8b-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/cacti-0.8.8b-1.el5
cacti-0.8.8b-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.