tweak mod_security rules

Unfortunately, when Apache includes conf.d/*, the "c" in cacti.conf
comes before "m" in mod_security.conf. This means we can't use the
IfModule directive here to detect the installation of mod_security.

Remove the IfModule section, and just provide instructions to users.
Users will have to manually un-comment the two mod_security overrides.
(Better than nothing.)
This commit is contained in:
Ken Dreyer 2011-12-12 11:39:07 -07:00
parent 6e9a19a762
commit 0132c8f8b0
2 changed files with 12 additions and 8 deletions

View File

@ -11,14 +11,15 @@ Alias /cacti /usr/share/cacti
Order Deny,Allow Order Deny,Allow
Deny from all Deny from all
Allow from 127.0.0.1 Allow from 127.0.0.1
</Directory>
# mod_security overrides <Directory /usr/share/cacti/install>
<IfModule security2_module> # mod_security overrides.
# allow POST of application/x-www-form-urlencoded during install # Uncomment these if you use mod_security.
SecRuleRemoveById 960010 # allow POST of application/x-www-form-urlencoded during install
# permit the specification of the rrdtool paths during install #SecRuleRemoveById 960010
SecRuleRemoveById 900011 # permit the specification of the rrdtool paths during install
</IfModule> #SecRuleRemoveById 900011
</Directory> </Directory>

View File

@ -8,6 +8,9 @@ For more information about setting up the database please read:
docs/INSTALL docs/INSTALL
Cacti's install procedure is not fully compatible with mod_security. If you use
mod_security, please uncomment the SecRuleRemoveById lines in
/etc/http/conf.d/cacti.conf.
As of Feb. 6, 2006 Cacti does not work correctly with SELinux. This will As of Feb. 6, 2006 Cacti does not work correctly with SELinux. This will
change in the future. If you're having issues getting Cacti to work properly change in the future. If you're having issues getting Cacti to work properly