I recently upgraded to apache 2.4.35 and was having some issues with password file to secure xymon-seccgi. I got not get apache to read the password file. To get it to work I had to change from Require all granted to Require all denied. Now, it works. I get prompted to enter username and password.
Here is the section from my httpd.conf file for your reference if you will run into similar problems.
ScriptAlias /xymon-seccgi/ "/opt/app/workload/bbapp/bb/cgi-secure/" <Directory "/opt/app/workload/bbapp/bb/cgi-secure"> AllowOverride None Options ExecCGI Includes <IfModule mod_authz_core.c> # Apache 2.4+ Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Allow from all </IfModule>
# Password file where users with access to these scripts are kept.
# Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
# scripts, files here can be read with the "config" message type,
# which allows status-privileged clients to read arbitrary regular files
# from the directory.
#
# This file should be owned and readable only by the apache server user,
# and ideally merely a symlink to a location outside of $XYMONHOME/etc/
#
# Create it with:
# htpasswd -c /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME
# chown apache:apache /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
# chmod 640 /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
# Add more users / change passwords with: "htpasswd /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME"
#
# You can also use a group file to restrict admin access to members of a
# group, instead of anyone who is logged in. In that case you must setup
# the "xymongroups" file, and change the "Require" settings to require
# a specific group membership. See the Apache docs for more details.
AuthUserFile /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
AuthGroupFile /opt/app/workload/bbapp/bb/server/etc/xymongroups
AuthType Basic
AuthName "Xymon Administration"
# "valid-user" restricts access to anyone who is logged in.
Require valid-user
# "group admins" restricts access to users who have logged in, AND
# are members of the "admins" group in xymongroups.
# Require group admins</Directory>
I also enabled the following modules. LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule filter_module modules/mod_filter.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule unixd_module modules/mod_unixd.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgid_module modules/mod_cgid.so LoadModule dir_module modules/mod_dir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so
Hi,
i also recently upgraded to Apache/2.4.41 and xymon 4.30 and i had the same problem.
I had to change from "Require all granted" to "Require all denied" to block access to? /xymon-seccgi,? but login not work for me
Here the section from ssl.conf :
ScriptAlias /xymon-seccgi/ "/usr/local/xymon/cgi-secure/" <Directory "/usr/local/xymon/cgi-secure"> ??? AllowOverride None ??? Options ExecCGI Includes FollowSymLinks ?? <IfModule mod_authz_core.c> ??????? # Apache 2.4+ ?????? Require all denied ?? </IfModule> ??? <IfModule !mod_authz_core.c> ?????? Order deny,allow ?????? Allow from all ?? </IfModule>
??? # Password file where users with access to these scripts are kept. ??? # Create it with "htpasswd -c /usr/local/xymon/server/etc/xymonpasswd USERNAME" ??? # Add more users / change passwords with "htpasswd /usr/local/xymon/server/etc/xymonpasswd USERNAME" ??? # ??? # You can also use a group file to restrict admin access to members of a ??? # group, instead of anyone who is logged in. In that case you must setup ??? # the "xymongroups" file, and change the "Require" settings to require ??? # a specific group membership. See the Apache docs for more details.
??? AuthUserFile /usr/local/xymon/server/etc/xymonpasswd ??? AuthGroupFile /usr/loca/xymon/server/etc/xymongroups ??? AuthType Basic ??? AuthName "Xymon Administration"
??? # "valid-user" restricts access to anyone who is logged in. ??? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND ??? # are members of the "admins" group in xymongroups. ??? #? Require group admins
</Directory>
Any Ideas ?
Best Regards,
Marco
Il 18/10/2018 22.11, LOZOVSKY, DANIEL L ha scritto:
I recently upgraded to apache 2.4.35 and was having some issues with password file to secure xymon-seccgi.? I got not get apache to read the password file.? To get it to work I had to change from Require all granted to Require all denied. ??Now, it works.? I get prompted to enter username and password.
Here is the section from my httpd.conf file for your reference if you will run into similar problems.
ScriptAlias /xymon-seccgi/ "/opt/app/workload/bbapp/bb/cgi-secure/"
<Directory "/opt/app/workload/bbapp/bb/cgi-secure">
??? AllowOverride None
??? Options ExecCGI Includes
??? <IfModule mod_authz_core.c>
??????? # Apache 2.4+
*Require all denied*
?? ?</IfModule>
??? <IfModule !mod_authz_core.c>
??????? Order deny,allow
??????? Allow from all
??? </IfModule>
??? # Password file where users with access to these scripts are kept.
??? # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
??? # scripts, files here can be read with the "config" message type,
????# which allows status-privileged clients to read arbitrary regular files
????# from the directory.
????#
????# This file should be owned and readable only by the apache server user,
??? # and ideally merely a symlink to a location outside of $XYMONHOME/etc/
??? #
????# Create it with:
??? #???????? htpasswd -c /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME
??? #???????? chown apache:apache /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? #???????? chmod 640 /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? # Add more users / change passwords with: "htpasswd /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME"
??? #
??? # You can also use a group file to restrict admin access to members of a
??? # group, instead of anyone who is logged in. In that case you must setup
??? # the "xymongroups" file, and change the "Require" settings to require
??? # a specific group membership. See the Apache docs for more details.
??? AuthUserFile /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? AuthGroupFile /opt/app/workload/bbapp/bb/server/etc/xymongroups
??? AuthType Basic
??? AuthName "Xymon Administration"
??? # "valid-user" restricts access to anyone who is logged in.
??????? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND
??? # are members of the "admins" group in xymongroups.
??? # Require group admins
</Directory>
I also enabled the following modules.
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Il 04/10/2019 11.30, Marco Avvisano ha scritto:
Hi,
i also recently upgraded to Apache/2.4.41 and xymon 4.30 and i had the same problem.
I had to change from "Require all granted" to "Require all denied" to block access to? /xymon-seccgi,? but login not work for me
Here the section from ssl.conf :
ScriptAlias /xymon-seccgi/ "/usr/local/xymon/cgi-secure/" <Directory "/usr/local/xymon/cgi-secure"> ??? AllowOverride None ??? Options ExecCGI Includes FollowSymLinks ?? <IfModule mod_authz_core.c> ??????? # Apache 2.4+ ?????? Require all denied ?? </IfModule> ??? <IfModule !mod_authz_core.c> ?????? Order deny,allow ?????? Allow from all ?? </IfModule>
??? # Password file where users with access to these scripts are kept. ??? # Create it with "htpasswd -c /usr/local/xymon/server/etc/xymonpasswd USERNAME" ??? # Add more users / change passwords with "htpasswd /usr/local/xymon/server/etc/xymonpasswd USERNAME" ??? # ??? # You can also use a group file to restrict admin access to members of a ??? # group, instead of anyone who is logged in. In that case you must setup ??? # the "xymongroups" file, and change the "Require" settings to require ??? # a specific group membership. See the Apache docs for more details.
??? AuthUserFile /usr/local/xymon/server/etc/xymonpasswd ??? AuthGroupFile /usr/loca/xymon/server/etc/xymongroups ??? AuthType Basic ??? AuthName "Xymon Administration"
??? # "valid-user" restricts access to anyone who is logged in. ??? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND ??? # are members of the "admins" group in xymongroups. ??? #? Require group admins
</Directory>
Any Ideas ?
Best Regards,
Marco
Il 18/10/2018 22.11, LOZOVSKY, DANIEL L ha scritto:
I recently upgraded to apache 2.4.35 and was having some issues with password file to secure xymon-seccgi.? I got not get apache to read the password file.? To get it to work I had to change from Require all granted to Require all denied. ??Now, it works.? I get prompted to enter username and password.
Here is the section from my httpd.conf file for your reference if you will run into similar problems.
ScriptAlias /xymon-seccgi/ "/opt/app/workload/bbapp/bb/cgi-secure/"
<Directory "/opt/app/workload/bbapp/bb/cgi-secure">
??? AllowOverride None
??? Options ExecCGI Includes
??? <IfModule mod_authz_core.c>
??????? # Apache 2.4+
*Require all denied*
?? ?</IfModule>
??? <IfModule !mod_authz_core.c>
??????? Order deny,allow
??????? Allow from all
??? </IfModule>
??? # Password file where users with access to these scripts are kept.
??? # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
??? # scripts, files here can be read with the "config" message type,
????# which allows status-privileged clients to read arbitrary regular files
????# from the directory.
????#
????# This file should be owned and readable only by the apache server user,
??? # and ideally merely a symlink to a location outside of $XYMONHOME/etc/
??? #
????# Create it with:
??? #???????? htpasswd -c /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME
??? #???????? chown apache:apache /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? #???????? chmod 640 /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? # Add more users / change passwords with: "htpasswd /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME"
??? #
??? # You can also use a group file to restrict admin access to members of a
??? # group, instead of anyone who is logged in. In that case you must setup
??? # the "xymongroups" file, and change the "Require" settings to require
??? # a specific group membership. See the Apache docs for more details.
??? AuthUserFile /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? AuthGroupFile /opt/app/workload/bbapp/bb/server/etc/xymongroups
??? AuthType Basic
??? AuthName "Xymon Administration"
??? # "valid-user" restricts access to anyone who is logged in.
??????? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND
??? # are members of the "admins" group in xymongroups.
??? # Require group admins
</Directory>
I also enabled the following modules.
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Solved using this conf :
ScriptAlias /xymon-seccgi/ "/usr/local/xymon/cgi-secure/" <Directory "/usr/local/xymon/cgi-secure"> ??? AllowOverride None ??? Options ExecCGI Includes FollowSymLinks
??? AuthUserFile /usr/local/xymon/server/etc/xymonpasswd ??? AuthGroupFile /usr/loca/xymon/server/etc/xymongroups ??? AuthType Basic ??? AuthName "Xymon Administration"
?<RequireAll> ??? # "valid-user" restricts access to anyone who is logged in. ? ? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND ??? # are members of the "admins" group in xymongroups. ? ? Require group admins ? </RequireAll> </Directory>
Best Regards Marco
Il 04/10/2019 11.30, Marco Avvisano ha scritto:
Hi,
i also recently upgraded to Apache/2.4.41 and xymon 4.30 and i had the same problem.
I had to change from "Require all granted" to "Require all denied" to block access to? /xymon-seccgi,? but login not work for me
Here the section from ssl.conf :
ScriptAlias /xymon-seccgi/ "/usr/local/xymon/cgi-secure/" <Directory "/usr/local/xymon/cgi-secure"> ??? AllowOverride None ??? Options ExecCGI Includes FollowSymLinks ?? <IfModule mod_authz_core.c> ??????? # Apache 2.4+ ?????? Require all denied ?? </IfModule> ??? <IfModule !mod_authz_core.c> ?????? Order deny,allow ?????? Allow from all ?? </IfModule>
??? # Password file where users with access to these scripts are kept. ??? # Create it with "htpasswd -c /usr/local/xymon/server/etc/xymonpasswd USERNAME" ??? # Add more users / change passwords with "htpasswd /usr/local/xymon/server/etc/xymonpasswd USERNAME" ??? # ??? # You can also use a group file to restrict admin access to members of a ??? # group, instead of anyone who is logged in. In that case you must setup ??? # the "xymongroups" file, and change the "Require" settings to require ??? # a specific group membership. See the Apache docs for more details.
??? AuthUserFile /usr/local/xymon/server/etc/xymonpasswd ??? AuthGroupFile /usr/loca/xymon/server/etc/xymongroups ??? AuthType Basic ??? AuthName "Xymon Administration"
??? # "valid-user" restricts access to anyone who is logged in. ??? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND ??? # are members of the "admins" group in xymongroups. ??? #? Require group admins
</Directory>
Any Ideas ?
Best Regards,
Marco
Il 18/10/2018 22.11, LOZOVSKY, DANIEL L ha scritto:
I recently upgraded to apache 2.4.35 and was having some issues with password file to secure xymon-seccgi.? I got not get apache to read the password file.? To get it to work I had to change from Require all granted to Require all denied. ??Now, it works.? I get prompted to enter username and password.
Here is the section from my httpd.conf file for your reference if you will run into similar problems.
ScriptAlias /xymon-seccgi/ "/opt/app/workload/bbapp/bb/cgi-secure/"
<Directory "/opt/app/workload/bbapp/bb/cgi-secure">
??? AllowOverride None
??? Options ExecCGI Includes
??? <IfModule mod_authz_core.c>
??????? # Apache 2.4+
*Require all denied*
?? ?</IfModule>
??? <IfModule !mod_authz_core.c>
??????? Order deny,allow
??????? Allow from all
??? </IfModule>
??? # Password file where users with access to these scripts are kept.
??? # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
??? # scripts, files here can be read with the "config" message type,
????# which allows status-privileged clients to read arbitrary regular files
????# from the directory.
????#
????# This file should be owned and readable only by the apache server user,
??? # and ideally merely a symlink to a location outside of $XYMONHOME/etc/
??? #
????# Create it with:
??? #???????? htpasswd -c /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME
??? #???????? chown apache:apache /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? #???????? chmod 640 /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? # Add more users / change passwords with: "htpasswd /opt/app/workload/bbapp/bb/server/etc/xymonpasswd USERNAME"
??? #
??? # You can also use a group file to restrict admin access to members of a
??? # group, instead of anyone who is logged in. In that case you must setup
??? # the "xymongroups" file, and change the "Require" settings to require
??? # a specific group membership. See the Apache docs for more details.
??? AuthUserFile /opt/app/workload/bbapp/bb/server/etc/xymonpasswd
??? AuthGroupFile /opt/app/workload/bbapp/bb/server/etc/xymongroups
??? AuthType Basic
??? AuthName "Xymon Administration"
??? # "valid-user" restricts access to anyone who is logged in.
??????? Require valid-user
??? # "group admins" restricts access to users who have logged in, AND
??? # are members of the "admins" group in xymongroups.
??? # Require group admins
</Directory>
I also enabled the following modules.
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
participants (2)
-
dl1025@att.com
-
marco.avvisano@regione.toscana.it