14 Aug
2020
14 Aug
'20
5:40 a.m.
Hi List,
I was just setting up Xymon at a new job and noticed something odd about the xymon-apache.conf file as installed.
For the modern apache permissions model there is an effective 'Require all granted' or-ed with 'Require valid-user' for the cgi-secure directory. This means that by default access is granted because the 'Require all granted' is always true.
The simple answer is to remove the:
<IfModule mod_authz_core.c> ??????? # Apache 2.4+ ??????? Require all granted </IfModule>
section.
Trivial diff attached.
Cheers,
Brian