Bug #2896
Access denied to server-manager from second green network
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-base | |||
Target version: | v6.5 | |||
Security class: | Resolution: | |||
Affected version: | v6.5-final | NEEDINFO: | No |
Description
The server manager Apache configuration allows access only from the first green network. Seems other green network address are not added to Allow from
Apache directive in /etc/httpd/admin-conf/httpd.conf
.
Steps to reproduce
- have two green networks
- remove default wildcard
0.0.0.0/0.0.0.0
from Remote access page - Execute
$ curl -k -v -L https://<second-green-ip>:980 [...] < HTTP/1.1 403 Forbidden < Date: Mon, 06 Oct 2014 08:14:40 GMT * Server Apache is not blacklisted < Server: Apache < Content-Length: 202 < Content-Type: text/html; charset=iso-8859-1 < <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access / on this server.</p> </body></html>
Additional informations
The Allow from
directive results from esmith::NetworksDB->local_access_spec()
method execution.
Associated revisions
Networks lib: handle multiple green interfaces. Refs #2896
History
#1 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti almost 7 years ago
- Category set to nethserver-base
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
Package in nethserver-testing:
- nethserver-base-2.3.0-16.0gitf89628ea.ns6.noarch.rpm
- The bug should not be reproducible
- Check that all green interfaces are listed inside the httpd.conf:
grep "Allow from 127.0.0.1" /etc/httpd/admin-conf/httpd.conf
#5 Updated by Davide Principi almost 7 years ago
- Assignee set to Davide Principi
#6 Updated by Davide Principi almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
VERIFIED
All my green networks are listed:
# grep "Allow from 127.0.0.1" /etc/httpd/admin-conf/httpd.conf Allow from 127.0.0.1 192.168.8.0/255.255.255.0 192.168.9.0/255.255.255.0 0.0.0.0/0.0.0.0
#7 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Packages released in nethserver-updates:
- nethserver-base-2.5.0-1.ns6.noarch.rpm