search

dj-wasabi / ansible-zabbix-web

Installing and maintaining zabbix-web for RedHat/Debian/Ubuntu.
https://galaxy.ansible.com/dj-wasabi/zabbix-web/
MIT License
25 stars 56 forks source link

Security problem apache 2.4 config #38

Closed kvakanet closed 6 years ago

kvakanet commented 6 years ago

Describe the bug Create vhost file for apache 2.4 not correct. In apache 2.2 subdirectory deny all but for apache 2.4 subdirectory allow all.

{% for my_path in directory_paths %}
  <Directory "{{ my_path }}">
  {% if apache_version|string() == '2.4' %}
    Require all granted
  {% else %}
    AllowOverride None
    Order Deny,Allow
    Deny from all
  {% endif %}
</Directory>

Example rules from apache site http://httpd.apache.org/docs/current/upgrading.html

Installation method/version

Ansible Version

ansible 2.7.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Targetted hosts Concerns the following OS(es):

Expected behavior

{% for my_path in directory_paths %}
  <Directory "{{ my_path }}">
  {% if apache_version|string() == '2.4' %}
    Require all denied
  {% else %}
    AllowOverride None
    Order Deny,Allow
    Deny from all
  {% endif %}
</Directory>

Require all granted -> Require all denied