Hello ;
Info needed please. See my previous post. This is the last ticket remaining for next release...
Hello ;
Info needed please. See my previous post. This is the last ticket remaining for next release...
Sorry, i do not receive emails, if you post here. Would be great, if you do this next time in the ticket.
The failed config was not in the munin vhost, it was in /etc/apache2/sites-available/01_awstats.conf
There was a "Deny from all" but no "Allow from localhost".
The munin vhost is okay:
Everything is working great, now.
Hello ;
Should be solved in last Git Master.
See:
https://github.com/i-MSCP/imsc…0adec45b50b6149eaf0028169
https://github.com/i-MSCP/imsc…e30a8208824604d773e80d626
This is a compromise allowing the default applications as set by most Debian package to work.
Important:
If you have any sensible directories located under /var/www, which you want protect, you must add an .htaccess file into them with the following limit directives:
Indeed, the fix as referenced above allow access to any file located under /var/www excepted the imscp, virtual and scoreboards directories, which are explicitely protected throught the 01_awstats.conf file. without such a configuration snipped, any user can access any file from those directories using a PHP script. For instance:
Here, this example need the allow_url_fopen PHP option set to on (which is the case for many users). But many other solution exists.
Thanks to Daniel (Sci2tech) for its explanation about how to reproduce this security hole.
Note: If you want really allow access from localhost to any directory, you can use the following hook file (compatible with last Git Master):
File /etc/imscp/hooks.d/10_apache_localhost.pl
Nach dem Update von 1.1.13 auf 1.1.18 erhalte ich beim munin den 403 Error. Allow from All ist in der apache conf eingetragen. Vor dem Update funktionierte es auch ohne Probleme.
Die Berechtigungen sollten eigentlich passen. Oder an welcher Stellschraube kann man noch drehen?
Hello ;
Any administrator should be able to solve such permission problems easily by adding the needed directives in the munin virtualhost.
In the latest i-MSCP versions, the configuration has been revisited to prevent the www-data user accessing the entire file system, and also to prevent the www-data user accessing files which are referenced by symlinks that are not owned by the owner of those symlinks. Thus with those information, you should now be able to adjust your configuration to make munin working. If you don't have the sufficient knowledge for Apache, you must post your current configuration for munin here (only the Apache part) and then, we will be able to give you some advises.
/etc/munin/apache.conf:
Thanks
Hat evtl. noch jemand dieses Problem? Ich bekomme weiterhin die "Forbidden" Meldung beim Aufruf von munin. Vielleicht hat ja noch jemand einen Tipp. Danke euch