Reflect openstacklib options for apache::vhost resources

It was discovered that Directory Index was enabled by default, leading
to potential leak of data.

A patch was done in puppet-openstacklib[1], but horizon doesn't use this
common lib, meaning it wasn't properly fixed.

[1] change id Icba53f4e32237556608f4cb6dcd9da1a71705c19

Related-Bug: #1854442
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1729423

Change-Id: Ife921f8409f58b70c5da4c344e330eec56669e20
This commit is contained in:
Cédric Jeanneret 2020-02-28 08:08:26 +01:00
parent 2807c62368
commit 7ec0c090eb

View File

@ -268,6 +268,7 @@ class horizon::wsgi::apache (
ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, { ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, {
redirectmatch_regexp => $redirectmatch_regexp_real, redirectmatch_regexp => $redirectmatch_regexp_real,
redirectmatch_dest => $redirectmatch_url_real, redirectmatch_dest => $redirectmatch_url_real,
options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
})) }))
ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, { ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, {
access_log_file => 'horizon_ssl_access.log', access_log_file => 'horizon_ssl_access.log',
@ -280,6 +281,7 @@ class horizon::wsgi::apache (
wsgi_process_group => 'horizon-ssl', wsgi_process_group => 'horizon-ssl',
redirectmatch_regexp => $root_url_real ? { '' => undef, '/' => undef, default => '^/$' }, redirectmatch_regexp => $root_url_real ? { '' => undef, '/' => undef, default => '^/$' },
redirectmatch_dest => $root_url_real ? { '' => undef, '/' => undef, default => $root_url_real }, redirectmatch_dest => $root_url_real ? { '' => undef, '/' => undef, default => $root_url_real },
options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
})) }))
} }