Item2493: Support.ApacheConfigGenerator: protect /bin/configure command not 100% perspicuous

pencil
Priority: Normal
Current State: Closed
Released In:
Target Release: n/a
Applies To: Web Site
Component: ApacheConfigGenerator
Branches:
Reported By: TobiasVonDerKrone
Waiting For:
Last Change By: MarkusUeberall
The section 'Protect the bin/configure command' in the ApacheConfigGenerator is not 100% perspicious: I miss two radio buttons with the content: 'and' and 'or' so that if you specifiy a IP and a user name you have the choice that the config allow
  1. acces from the IP OR with the username
  2. acces from the IP AND with the username

So in case 1. the apache config has the entry Satisfy Any:
<FilesMatch "^(configure)$">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from all
    Allow from localhost 192.168.0.123
    Require user TobiasVonDerKrone
    Satisfy Any
</FilesMatch>

and in case 2. Satisfy All:
<FilesMatch "^(configure)$">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from all
    Allow from localhost 192.168.0.123
    Require user TobiasVonDerKrone
    Satisfy All
</FilesMatch>

Also the section is misspelled: there is
  • 'Protect the bin/confgure command' but should
  • 'Protect the bin/configure command'

-- TobiasVonDerKrone - 11 Dec 2009

Interestingly, these radio buttons have been part of the forementioned section since GeorgeClark introduced it in revision 35 of ApacheConfigGenerator (look for variable REQANDOR), but they are commented out.

Should we simply enable them and add a reference to Support.ProtectingYourConfiguration above the FilesMatch block for further explanation?

-- MarkusUeberall - 11 Dec 2009

Enabling the button and adding a reference would be a great idea. If I can help testing (or something else) please let me know.

-- TobiasVonDerKrone - 11 Dec 2009

Ok, even on second thought, I couldn't come up with a reason not to include this as long as it's documented properly at both places (form above/generated configuration below). I'll have a look at this tonight; you could try to change it yourself and beat me to it, though (since this topic is self-contained w.rt.t. the code, you can alway create a (local) sandbox copy if you're unsure, but this should only take a minor edit) smile

-- MarkusUeberall - 11 Dec 2009

Changed ApacheConfigGenerator and added an example to ProtectingYourConfiguration Please review.

-- TobiasVonDerKrone - 11 Dec 2009

Thanks for your input. I slightly modified both topics (shortening the examples under the first and inserting mentioned reference as well as adding an if clause under the second one) and tested all eight cases.

Closing this task. smile

-- MarkusUeberall - 11 Dec 2009

ItemTemplate edit

Summary ApacheConfigGenerator: protect /bin/configure command not 100% perspicuous
ReportedBy TobiasVonDerKrone
Codebase 1.0.8
SVN Range
AppliesTo Web Site
Component ApacheConfigGenerator
Priority Normal
CurrentState Closed
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn
Topic revision: r6 - 11 Dec 2009, MarkusUeberall
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy