I am trying to get OpenDLP to work on my system. For those not familiar with this, only think of it as a perl website.
I mostly prepared everything, except that UI gives errors.
After some digging and debugging, I found out that my Perl scripts are running under directory '/'! And when pages try to read '../etc/db_admin' they won't find it and throw error.
My vhost config for this ui:
<VirtualHost opendlp.local:443>
ServerAdmin vahid.fazl2000#engineer.com
DocumentRoot "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin"
ServerName opendlp.local:443
ErrorLog "/var/log/httpd/opendlp-error_log"
CustomLog "/var/log/httpd/opendlp-access_log" common
Include conf/extra/httpd-opendlp.conf
<Directory "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin">
AddHandler perl-script .pl .html
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
PerlOptions +ParseHeaders
AllowOverride All
Options All
Require method GET POST OPTIONS
</Directory>
</VirtualHost>
and here is httpd.opendlp.conf
Alias /OpenDLP/images/ /home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/images
<Directory "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/images/">
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
#AuthType Basic
#AuthName "OpenDLP"
#AuthUserFile /etc/apache2/.htpasswd.dlp.user
#Require user dlpuser
</Directory>
ScriptAlias /OpenDLP/ "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/"
ScriptAlias /cgi-bin/ "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/"
<Directory "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/results/">
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
#AuthType Basic
#AuthName "OpenDLP"
#AuthUserFile /etc/apache2/.htpasswd.dlp.agent
#Require user ddt
</Directory>
<Directory "/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/">
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
#AuthType Basic
#AuthName "OpenDLP"
#AuthUserFile /etc/apache2/.htpasswd.dlp.user
#Require user dlpuser
</Directory>
#Also add this stuff to the Apache config file:
# taken from http://hausheer.osola.com/docs/9
SSLEngine on
#SSLVerifyClient require
SSLCertificateFile /home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/server.crt
SSLCertificateKeyFile /home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/server.key
SSLCACertificateFile /home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/server.crt
I haven't tried Perl for web before, and I am not familiar with mod_perl and its options. I have googled for this, but it seems that I don't know where to look (except here, of course :-) )
BTW, I'm on Arch Linux x64 if it matters.
Thanks in advance
EDIT: Here is some more info on errors.
This is the error I get when I visit https://opendlp.local/profiles-manage.html
No such file or directory at /home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin/profiles-manage.html line 29.
And here is line 29 (and around it) of file:
use CGI qw/:standard/;
use DBI;
use Cwd qw();
my $version = get_version();
my $db_admin_file = "../etc/db_admin";
my( $db_username, $db_password ) = "";
open( DB, $db_admin_file ) or die $!; # LINE 29
my $db_line = <DB>;
close( DB );
chomp $db_line;
($db_username, $db_password) = split( ":", $db_line );
header();
print "<heading>Manage existing scan profiles</heading><normal><br><br>\n";
I have added use Cwd myself (googled, actually) and checked working directory, which is /.
Change DocumentRoot to
/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web
instead of
/home/vahid/Downloads/OpenDLP-0.5.1/OpenDLP/web/bin"
Then in your script:
my $db_admin_file = "etc/db_admin";
You have "cannot find file" error because your code runs on a virtual host where the directory you set as Document Root is regarded as root directory (/). You cannot "go behind" a root directory,
Related
I was trying installing roundcube on my apache2,ISPCONFIG3 server, on my LAN using :
https://www.howtoforge.com/using-roundcube-webmail-with-ispconfig-3-on-debian-wheezy-apache2
with the following changes :
remoteuser roundcube
pass password809098
and
https://www.rosehosting.com/blog/how-to-install-roundcube-webmail-on-ubuntu-20-04/
with these changes :
GRANT ALL PRIVILEGES ON roundcube.* TO roundcubeuser#localhost IDENTIFIED BY 'password';
nano /etc/apache2/sites-available/roundcube.jungsf.tv.conf
a2ensite roundcube.jungsf.tv
<VirtualHost *:80>
ServerName roundcube.jungsf.tv
DocumentRoot /var/www/roundcube/
ErrorLog ${APACHE_LOG_DIR}/roundcube.jungsf.tv_error.log
CustomLog ${APACHE_LOG_DIR}/roundcube.jungsf.tv_access.log combined
Options FollowSymLinks
<Directory "/var/www/roundcube/">
AllowOverride All
</Directory>
Options FollowSymLinks MultiViews
<Directory "/var/www/roundcube/">
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
I managed at end to get the roundcube web interface through http://jungsf.tv/webmail
but it still doesn't log in, I don't know which password/username should be,
I tried all combinations roundcube/roundcubeuser/email .... password,PASSWORD,password809098
how can I find the user/pass or how can I delet everything to reinstall it ?
I saw this plugin to set pass, but how can I use it ?
https://github.com/saas-dev/roundcube-forgot_password
I managed to work it by creating mailbox in ispconfig3, there I entered email and pass which are used to login in roundcube.
I am working with Apache .conf files on Fedora 30.
In /etc/httpd/conf/httpd.conf, there is :
<Directory />
AllowOverride none
Require all denied
</Directory>
There is also :
DocumentRoot "/var/www/html"
That means that "localhost" starts from this "/var/www/html" repertory.
Question 1 : What is the use of "Require all denied" for Directory "/" whereas DocumentRoot is at a lower level (so the server will not serve any files in higher level repertories) ?
At the end of httpd.conf, there is :
IncludeOptional conf.d/*.conf
So I create a personal.conf in "/etc/httpd/conf.d" ; inside I set :
<Directory "/var/www">
AllowOverride None
Require all denied
</Directory>
I restart Apache (systemctl restart httpd.service) but the localhost/index.html (aka "DocumentRoot"/index.html or "/var/www/html"/index.html) is still available.
It acts as if this Directive in httpd.conf was prioritary :
<Directory "/var/www/html">
Require all granted
</Directory>
Question 2 : So what is the use of "Require all denied" on a higher level repository ?
Thank you for your help :)
Question 1 : What is the use of "Require all denied" for Directory "/" whereas DocumentRoot is at a lower level (so the server will not serve any files in higher level repertories) ?
Question 2 : So what is the use of "Require all denied" on a higher level repository ?
The server could easily serve files below the document root if the Require all denied wasn't there, you only need a small misconfiguration in your server. Imagine for example an Alias like
Alias /etc /etc
which would allow you to read the password file from http://localhost/etc/passwd or other sensitive stuff. With the default configuration you would need an explicit override like
<Directory /etc>
Require all granted
</Directory>
to do this.
The directive
<Directory />
AllowOverride none
Require all denied
</Directory>
is used to prevent any access below your /var/www/html directory as a security mechanism ("be as restrictive as possible").
thank you for your answer.
Now for question 2 ; let's imagine a house : outdoor [door 1] hall [door 2] corridor [door 3] living-room.
In /etc/httpd/conf/httpd.conf, I close the front door [door 1] of the house
<Directory />
AllowOverride none
Require all denied
</Directory>
I open the door between the hall and the corridor [door 2]
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
I open the door between the corridor and the living-room [door 3]
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
Then in a personal.conf file in "/etc/httpd/conf.d" I close the door between the hall and the corridor [door 2] :
<Directory "/var/www">
AllowOverride None
Require all denied
</Directory>
Why is the living-room still accessible (localhost/index.html or /var/www/html/index.html is accessible) whereas the [door 2] is closed ?
I need to be explicit :
<Directory "/var/www/html">
AllowOverride None
Require all denied
</Directory>
in personal.conf
To get the "Forbidden You don't have permission to access this resource." message...
Thanks again.
After upgrading from apache 2.2 to 2.4 I have a strange apache config error. My vhost config file contains the following directory directive:
<Directory "C:/data/projectx/src/htdocs">
Options None
AllowOverride None
#Order allow,deny # old config style
#Allow from all # old config style
Require all granted # new config style (replaces both rules above)
</Directory>
Which is conform with the new directive syntax. However, when I start apache I get this message, indicating some error on the Require all directive:
AH00526: Syntax error on line 22 of C:/data/projectx/src/admin/local.conf:
Argument for 'Require all' must be 'granted' or 'denied'
Obviously the error is somewhat misleading, as everything is correct. What is wrong with this directive?
Solution: remove the comment after the Require all directive:
<Directory "C:/data/projectx/src/htdocs">
Options None
AllowOverride None
#Order allow,deny # old config style
#Allow from all # old config style
# -->> moved comment into own line: new config style ...
Require all granted
</Directory>
I'm trying to get the Munin webpage working under Apache2 via SSL on Debian Etch. My config for the website is:
NameVirtualHost 1.2.3.4:80
<VirtualHost www.mydomain.org:80>
ServerName www.mydomain.org
...
<Directory /var/www/https>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
...
</VirtualHost>
<VirtualHost www.mydomain.org:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/https/
SSLEngine On
SSLCertificateFile /etc/blah
SSLCertificateKeyFile /etc/blah
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
...
<LOCATION /munin>
Options Indexes FollowSymLinks MultiViews
AuthType Basic
AuthName "Munin Users"
AuthUserFile /etc/apache2/auth-files/munin
<limit GET PUT POST>
require valid-user
</limit>
Order allow,deny
allow from all
</LOCATION>
...
</VirtualHost>
Munin is configured to use the directory and the files are created and refereshed in the proper location. I can go to https://www.mydomain.org/munin/, enter a username and password, and see the top page fine. But when I try to drill down to the actual information, I get a 404 error:
Not Found
The requested URL /munin/localdomain/localhost.localdomain/apache_accesses.html was not found on this server.
The URL listed is the same URL that's in the URL of the browser window. But when I look in the error log, I see:
File does not exist: /var/cache/munin/www/localdomain/localhost.localdomain/apache_accesses.html, referer: https://www.mydomain.org/munin/localdomain/index.html
The index.html file lists the file name as localdomain/localhost.localdomain/apache_accesses.html.
I do not have the cache module loaded:
root#etch:/etc/apache2/mods-enabled# ls
alias.conf authz_default.load autoindex.load dir.conf mime.load reqtimeout.conf ssl.load alias.load authz_groupfile.load cgi.load dir.load negotiation.conf reqtimeout.load status.conf auth_basic.load authz_host.load dav.load env.load negotiation.load rewrite.load status.load auth_digest.load authz_user.load dav_fs.conf include.load php5.conf setenvif.conf authn_file.load autoindex.conf dav_fs.load mime.conf php5.load setenvif.load
I do not have any directives to enable caching in my apache config:
root#etch:/etc/apache2# grep -i cache *
apache2.conf:#SSLSessionCache dbm:/var/cache/apache2/ssl_cache
apache2.conf:SSLSessionCache none
(The dbm cache line is commented out and I've restarted apache numerous times.)
root#etch:/etc/apache2/sites-enabled# grep -i cache *
(zero lines returned.)
So why in the heck is apache trying to load the files from the /var/cache directory rather than the /var/www/https/munin directory? Any help greatly appreciated.
I do not know for certain how it works on Debian, but the Ubuntu package for munin creates a config file in /etc/apache2/conf.d/munin.
This config file specifies an alias for /munin : Alias /munin /var/cache/munin/www
/var/cache/munin/www is the default htmldir value for recent munin versions.
I have setup my repo at /home/adil/hg/sample-repo and want to serve it via httpd. I am following the tutorial at https://www.mercurial-scm.org/wiki/PublishingRepositories#multiple and have created the hgweb.config file and have copied hgweb.cgi (renamed it to index.cgi) to /home/adil/web/mercurial/
My apache config (/etc/httpd/conf/httpd.conf) looks like this :
ScriptAlias /hg "/home/adil/web/mercurial/index.cgi"
<Directory "/home/adil/web/mercurial">
Order allow,deny
Allow from all
AllowOverride All
Options ExecCGI
AddHandler cgi-script .cgi
</Directory>
index.cgi, hgweb.config and all the dirs upwards have world read permissions
http://localhost/hg gives a "403 Forbidden" error. WTF?
PS: Apache error log shows :
[Sun Oct 17 06:45:38 2010] [error] [client 1.2.3.4] (13)Permission denied: access to /hg denied
I'm not an Apache config expert by any means, but I was experiencing this error and managed to get rid of it.
Before I did, I was getting this error in my error_log: client denied by server configuration: /Users/svn/Public/hg/hgwebdir.cgi
This was my original config:
ScriptAlias /hg "/Users/svn/Public/hg/hgwebdir.cgi"
<Location /hg>
AuthType Basic
AuthName "Mercurial Repositories"
AuthUserFile /Users/svn/Public/hg/auth
Require valid-user
</Location>
I added some options:
ScriptAlias /hg "/Users/svn/Public/hg/hgwebdir.cgi"
<Location /hg>
Options ExecCGI FollowSymLinks
Options None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Mercurial Repositories"
AuthUserFile /Users/svn/Public/hg/auth
Require valid-user
</Location>
I tried Pablo's version too - one problem I experienced was that "ScriptAliasMatch ^/hg(.*)" was capturing the hg logo and stylesheets needed to render the browser repo explorer. I'm not sure if this even applies to hgweb.cgi because I don't use that one, but it was definitely an issue while using hgwebdir.cgi. Specifically: script not found or unable to stat: /Users/svn/Public/hg/hgweb.cgilogo.png
Probably Apache's process owner does not have permissions to access /home/adil/web/mercurial.
Also, do check Apache's error log (usually located in /var/log/httpd-error.log or some place similar. It will give you extra information to debug your installation.
To check what's the user running Apache's process do:
$ ps aux | grep http
ps should show what's the user running Apache.
Also, in case it helps, here's the way I do it:
ScriptAliasMatch ^/hg(.*) /usr/local/share/mercurial/www/hgweb.cgi$1
<Directory /usr/local/share/mercurial/www>
Options ExecCGI FollowSymLinks
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>