Browse Source

Ensure no directory listing is active

By default, puppetlabs-apache module enables Indexes option, which can
lead in data/structure leak.

The following patch disable that option on a global base, since we
shouldn't need such a feature.

Closes-Bug: #1854442
Change-Id: Icba53f4e32237556608f4cb6dcd9da1a71705c19
(cherry picked from commit ad48860b75)
(cherry picked from commit 6357ffa748)
(cherry picked from commit 81c4ebddee)
changes/38/701238/1
Cédric Jeanneret 2 months ago
parent
commit
728eb7f6ef
3 changed files with 9 additions and 1 deletions
  1. +1
    -0
      manifests/wsgi/apache.pp
  2. +6
    -0
      releasenotes/notes/no-directory-listing-8e6270ed0e1eb1d0.yaml
  3. +2
    -1
      spec/defines/openstacklib_wsgi_apache_spec.rb

+ 1
- 0
manifests/wsgi/apache.pp View File

@@ -320,6 +320,7 @@ define openstacklib::wsgi::apache (
error_log_file => $error_log_file,
error_log_pipe => $error_log_pipe,
error_log_syslog => $error_log_syslog,
options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
}

Package<| title == 'httpd' |>

+ 6
- 0
releasenotes/notes/no-directory-listing-8e6270ed0e1eb1d0.yaml View File

@@ -0,0 +1,6 @@
---
security:
- Do not authorize directory listing
fixes:
- rhbz#1778052
- LP#1854442

+ 2
- 1
spec/defines/openstacklib_wsgi_apache_spec.rb View File

@@ -94,7 +94,8 @@ describe 'openstacklib::wsgi::apache' do
'access_log_format' => false,
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil
'error_log_syslog' => nil,
'options' => ['-Indexes', '+FollowSymLinks','+MultiViews'],
)}
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end

Loading…
Cancel
Save