75b8883bd9
mod_security blocks a cacti upgrade procedure. Override and document the two rules that cause problems. This could probably be tightened down to apply only to the "install" directory.
36 lines
853 B
Plaintext
36 lines
853 B
Plaintext
#
|
|
# Cacti: An rrd based graphing tool
|
|
#
|
|
|
|
# Change "Allow from 127.0.0.1" to open up cacti to other network devices.
|
|
# For example, change "Allow from 127.0.0.1" to "Allow from all".
|
|
|
|
Alias /cacti /usr/share/cacti
|
|
|
|
<Directory /usr/share/cacti/>
|
|
Order Deny,Allow
|
|
Deny from all
|
|
Allow from 127.0.0.1
|
|
|
|
# mod_security overrides
|
|
<IfModule security2_module>
|
|
# allow POST of application/x-www-form-urlencoded during install
|
|
SecRuleRemoveById 960010
|
|
# permit the specification of the rrdtool paths during install
|
|
SecRuleRemoveById 900011
|
|
</IfModule>
|
|
</Directory>
|
|
|
|
|
|
# The sections marked "deny from all" should not be modified.
|
|
# These are in place in order to harden cacti.
|
|
<Directory /usr/share/cacti/log>
|
|
order deny,allow
|
|
Deny from all
|
|
</Directory>
|
|
<Directory /usr/share/cacti/rra>
|
|
order deny,allow
|
|
Deny from all
|
|
</Directory>
|
|
|