Bug #2896

Access denied to server-manager from second green network

Added by Davide Principi almost 7 years ago. Updated almost 7 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-base
Target version:v6.5
Security class: Resolution:
Affected version:v6.5-final NEEDINFO:No

Description

The server manager Apache configuration allows access only from the first green network. Seems other green network address are not added to Allow from Apache directive in /etc/httpd/admin-conf/httpd.conf.

Steps to reproduce

  • have two green networks
  • remove default wildcard 0.0.0.0/0.0.0.0 from Remote access page
  • Execute
       $ curl -k -v -L https://<second-green-ip>:980
    [...]
    < HTTP/1.1 403 Forbidden
    < Date: Mon, 06 Oct 2014 08:14:40 GMT
    * Server Apache is not blacklisted
    < Server: Apache
    < Content-Length: 202
    < Content-Type: text/html; charset=iso-8859-1
    < 
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /
    on this server.</p>
    </body></html>
    

Additional informations
The Allow from directive results from esmith::NetworksDB->local_access_spec() method execution.

Associated revisions

Revision f89628ea
Added by Giacomo Sanchietti almost 7 years ago

Networks lib: handle multiple green interfaces. Refs #2896

History

#1 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti almost 7 years ago

  • Category set to nethserver-base
  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-base-2.3.0-16.0gitf89628ea.ns6.noarch.rpm
Test case
  • The bug should not be reproducible
  • Check that all green interfaces are listed inside the httpd.conf:
    grep "Allow from 127.0.0.1" /etc/httpd/admin-conf/httpd.conf
    

#5 Updated by Davide Principi almost 7 years ago

  • Assignee set to Davide Principi

#6 Updated by Davide Principi almost 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

All my green networks are listed:

    # grep "Allow from 127.0.0.1" /etc/httpd/admin-conf/httpd.conf
       Allow from 127.0.0.1 192.168.8.0/255.255.255.0 192.168.9.0/255.255.255.0 0.0.0.0/0.0.0.0

#7 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Packages released in nethserver-updates:
  • nethserver-base-2.5.0-1.ns6.noarch.rpm

Also available in: Atom PDF