disable not always working in 4.3.25
I can disable tests when I use https://x.foo.com/xymon-seccgi/enadis.sh
but when I try to disable tests from a host's "info" page, it quietly fails.
https://x.foo.com/xymon-cgi/svcstatus.sh?HOST=y.foo.com&SERVICE=info
I suspect this is related to the cgi_refererok function added to lib/cgi.c I can see there may be a chance at some logging, but I can't figure out which module on which to enable --debug.
Can someone tell me where I will find the output from cgi_refererok
errprintf("Disallowed request due to missing HTTP_HOST variable\n"); or from enadis.c dbgprintf("Not coming from self or svcstatus; abort\n");
-- Do things because you should, not just because you can.
John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska
On Wed, February 10, 2016 11:14 am, John Thurston wrote:
I can disable tests when I use https://x.foo.com/xymon-seccgi/enadis.sh
but when I try to disable tests from a host's "info" page, it quietly fails.
https://x.foo.com/xymon-cgi/svcstatus.sh?HOST=y.foo.com&SERVICE=info
I suspect this is related to the cgi_refererok function added to lib/cgi.c I can see there may be a chance at some logging, but I can't figure out which module on which to enable --debug.
Can someone tell me where I will find the output from cgi_refererok
errprintf("Disallowed request due to missing HTTP_HOST variable\n"); or from enadis.c dbgprintf("Not coming from self or svcstatus; abort\n");
Sigh.
There are actually two bugs here:
- 'info' pages cannot run the javascript validating used for actually submitting the page to enadis.sh, and
- the 'enadis.sh' page incorrectly redirecting afterwards when it's finished with its processing.
The following two patches should fix these both. (Tested on Chrome, but not yet Firefox.) If you can validate them, that would be helpful.
-jc
participants (2)
-
cleaver@terabithia.org
-
john.thurston@alaska.gov