tweak mod_security rules

Unfortunately, when Apache includes conf.d/*, the "c" in cacti.conf
comes before "m" in mod_security.conf. This means we can't use the
IfModule directive here to detect the installation of mod_security.

Remove the IfModule section, and just provide instructions to users.
Users will have to manually un-comment the two mod_security overrides.
(Better than nothing.)
This commit is contained in:
Ken Dreyer 2011-12-12 11:39:07 -07:00
parent 6e9a19a762
commit 0132c8f8b0
2 changed files with 12 additions and 8 deletions

View File

@ -11,14 +11,15 @@ Alias /cacti /usr/share/cacti
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
# mod_security overrides
<IfModule security2_module>
# allow POST of application/x-www-form-urlencoded during install
SecRuleRemoveById 960010
# permit the specification of the rrdtool paths during install
SecRuleRemoveById 900011
</IfModule>
</Directory>
<Directory /usr/share/cacti/install>
# mod_security overrides.
# Uncomment these if you use mod_security.
# allow POST of application/x-www-form-urlencoded during install
#SecRuleRemoveById 960010
# permit the specification of the rrdtool paths during install
#SecRuleRemoveById 900011
</Directory>

View File

@ -8,6 +8,9 @@ For more information about setting up the database please read:
docs/INSTALL
Cacti's install procedure is not fully compatible with mod_security. If you use
mod_security, please uncomment the SecRuleRemoveById lines in
/etc/http/conf.d/cacti.conf.
As of Feb. 6, 2006 Cacti does not work correctly with SELinux. This will
change in the future. If you're having issues getting Cacti to work properly