Security problem apache 2.4 config
kvakanet opened this issue · 0 comments
kvakanet commented
Describe the bug
Create vhost file for apache 2.4 not correct. In apache 2.2 subdirectory deny all but for apache 2.4 subdirectory allow all.
{% for my_path in directory_paths %}
<Directory "{{ my_path }}">
{% if apache_version|string() == '2.4' %}
Require all granted
{% else %}
AllowOverride None
Order Deny,Allow
Deny from all
{% endif %}
</Directory>
Example rules from apache site http://httpd.apache.org/docs/current/upgrading.html
Installation method/version
- Github / latest
Ansible Version
ansible 2.7.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Targetted hosts
Concerns the following OS(es):
- CentOS
Expected behavior
{% for my_path in directory_paths %}
<Directory "{{ my_path }}">
{% if apache_version|string() == '2.4' %}
Require all denied
{% else %}
AllowOverride None
Order Deny,Allow
Deny from all
{% endif %}
</Directory>
Require all granted -> Require all denied