Browse Source

Reflect openstacklib options for apache::vhost resources

It was discovered that Directory Index was enabled by default, leading
to potential leak of data.

A patch was done in puppet-openstacklib[1], but horizon doesn't use this
common lib, meaning it wasn't properly fixed.

[1] change id Icba53f4e32237556608f4cb6dcd9da1a71705c19

Related-Bug: #1854442
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1729423

Change-Id: Ife921f8409f58b70c5da4c344e330eec56669e20
(cherry picked from commit 7ec0c090eb)
(cherry picked from commit bacf1cb9e5)
changes/00/711900/1
Cédric Jeanneret 4 months ago
parent
commit
5a91c7d22d
1 changed files with 2 additions and 0 deletions
  1. +2
    -0
      manifests/wsgi/apache.pp

+ 2
- 0
manifests/wsgi/apache.pp View File

@@ -267,6 +267,7 @@ class horizon::wsgi::apache (
ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, {
redirectmatch_regexp => $redirectmatch_regexp_real,
redirectmatch_dest => $redirectmatch_url_real,
options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
}))
ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, {
access_log_file => 'horizon_ssl_access.log',
@@ -279,6 +280,7 @@ class horizon::wsgi::apache (
wsgi_process_group => 'horizon-ssl',
redirectmatch_regexp => $root_url ? { '' => undef, '/' => undef, default => '^/$' },
redirectmatch_dest => $root_url ? { '' => undef, '/' => undef, default => $root_url },
options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
}))

}

Loading…
Cancel
Save