juju4
commented
5 years ago Thanks for the report. How did you assess that it listens "only" to ipv6?
https://httpd.apache.org/docs/2.4/bind.html#ipv6
One complicating factor for httpd administrators is whether or not an IPv6 socket can handle both IPv4 connections and IPv6 connections. Handling IPv4 connections with an IPv6 socket uses IPv4-mapped IPv6 addresses, which are allowed by default on most platforms, but are disallowed by default on FreeBSD, NetBSD, and OpenBSD, in order to match the system-wide policy on those platforms. On systems where it is disallowed by default, a special configure parameter can change this behavior for httpd. On the other hand, on some platforms, such as Linux and Tru64, the only way to handle both IPv6 and IPv4 is to use mapped addresses. If you want httpd to handle IPv4 and IPv6 connections with a minimum of sockets, which requires using IPv4-mapped IPv6 addresses, specify the --enable-v4-mapped configure option. --enable-v4-mapped is the default on all platforms except FreeBSD, NetBSD, and OpenBSD, so this is probably how your httpd was built. If you want httpd to handle IPv4 connections only, regardless of what your platform and APR will support, specify an IPv4 address on all Listen directives, as in the following examples:
adding IP is only needed if want to listen only ipv4 or only ipv6. both is the default
Krypterya
Dear juju4,
Currently with the Template file "templates/apache2-misp.conf.j2" and the config file "defaults/main.yaml", the listening port doesn't have a host/IP specified.
This can cause some issues, wherein the httpd server might listen only on IPv6, thus not responding to requests made on IPv4.
A solution would be to add a variable for the "misp_listening_ip" and put in front of the listening port in the template. templates/apache2-misp.conf.j2 -> Line 6
Listen {{ misp_listening_ip }}:{{ misp_base_port }}The issue was observed on a fresh CentOS7 install using your Ansible Playbook.
Best regards, Krypterya