Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

testserver.pl - TEST-FAILED Webserver is permitting fetch

705 views

Skip to first unread message

John Washburn

unread,

Jan 29, 2008, 11:36:46 PM1/29/08

to support-...@lists.mozilla.org

When I run testserver.pl I pass everything but the last check.

TEST-OK Webserver is running under group id in $webservergroup.
TEST-OK Got front picture.
TEST-OK Webserver is executing CGIs via mod_cgi.
TEST-FAILED Webserver is permitting fetch of http://localhost/bugzilla/localconfig
.
This is a serious security problem.
Check your webserver configuration.

the directory configuration in httpd.conf is

<Directory "/Library/WebServer/Documents/bugzilla">
AddHandler cgi-script .cgi
Options Indexes ExecCGI
DirectoryIndex index.cgi
AllowOverride limit
</Directory>

What needs to change in the directory configuration to satisfy the
last test in testserver.pl?

I am running (almost) Bugzilla 3.0.3.
on Macintosh with Leopard OSX 10.5
Server version: Apache/2.2.6 (Unix)

John Washburn
john.w....@mac.com

Marc Schumann

unread,

Jan 30, 2008, 3:37:09 AM1/30/08

to support-...@lists.mozilla.org

John,

2008/1/30, John Washburn <john.w....@mac.com>:

> TEST-FAILED Webserver is permitting fetch of http://localhost/bugzilla/localconfig

[...]
> AllowOverride limit

I'm not sure whether Apache config is case sensitive, so this may need
to read Limit here instead of limit.

Check your Bugzilla directory for a .htaccess file. Running
checksetup.pl should create one for you unless you specified otherwise
in localconfig. The checksetup.pl-generated .htaccess file takes care
of, among other things, disallowing access to localconfig.

Kind regards
Marc

0 new messages