From 0132c8f8b09782a02a8bc364ed76a8c9623b07f0 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Mon, 12 Dec 2011 11:39:07 -0700 Subject: [PATCH] tweak mod_security rules Unfortunately, when Apache includes conf.d/*, the "c" in cacti.conf comes before "m" in mod_security.conf. This means we can't use the IfModule directive here to detect the installation of mod_security. Remove the IfModule section, and just provide instructions to users. Users will have to manually un-comment the two mod_security overrides. (Better than nothing.) --- cacti-httpd.conf | 17 +++++++++-------- cacti.README.Fedora | 3 +++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/cacti-httpd.conf b/cacti-httpd.conf index 4d4c26b..e888f31 100644 --- a/cacti-httpd.conf +++ b/cacti-httpd.conf @@ -11,14 +11,15 @@ Alias /cacti /usr/share/cacti Order Deny,Allow Deny from all Allow from 127.0.0.1 - - # mod_security overrides - - # allow POST of application/x-www-form-urlencoded during install - SecRuleRemoveById 960010 - # permit the specification of the rrdtool paths during install - SecRuleRemoveById 900011 - + + + + # mod_security overrides. + # Uncomment these if you use mod_security. + # allow POST of application/x-www-form-urlencoded during install + #SecRuleRemoveById 960010 + # permit the specification of the rrdtool paths during install + #SecRuleRemoveById 900011 diff --git a/cacti.README.Fedora b/cacti.README.Fedora index acb284b..2506536 100644 --- a/cacti.README.Fedora +++ b/cacti.README.Fedora @@ -8,6 +8,9 @@ For more information about setting up the database please read: docs/INSTALL +Cacti's install procedure is not fully compatible with mod_security. If you use +mod_security, please uncomment the SecRuleRemoveById lines in +/etc/http/conf.d/cacti.conf. As of Feb. 6, 2006 Cacti does not work correctly with SELinux. This will change in the future. If you're having issues getting Cacti to work properly