Package: moodle
Version: 1.9.4.dfsg-0ubuntu4
Severity: normal
Tags: patch
Reported in Ubuntu at https://launchpad.net/bugs/452622
During installation of moodle, the following question is asked:
If access is restricted to localhost, other computers will be
prevented from connecting to this Moodle site. If you wish for others
to be able to use this Moodle site you must not restrict access to
localhost.
Note: Opening your system to connections from remote hosts may have
security implications.
Should access to this Moodle server be restricted to localhost?
If the user answers yes, /etc/apache2/conf.d/moodle includes the lines:
order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0
The final line needs to be changed to (or at least include):
allow from localhost
Otherwise, the user will only get a 403 Forbidden message and these
show up in the apache2 logs:
[error] [client ::1] client denied by server configuration: /usr/share/moodle/
::1 - - [15/Oct/2009:21:30:58 +0300] "GET /moodle/ HTTP/1.1" 403 500
"-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3)
Gecko/20091007 Ubuntu/9.10 (karmic) Firefox/3.5.3"
This type of bug is discussed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526010 where changing
the setting to "allow from localhost" is recommended due to a change
in libc6.
Jeremy
-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500,
'karmic-proposed'), (500, 'karmic-backports'), (500, 'karmic')
Architecture: i386 (i686)
Kernel: Linux 2.6.31-14-generic-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages moodle depends on:
ii adduser 3.110ubuntu6 add and remove users and groups
ii apache2-mpm-prefo 2.2.12-1ubuntu2 Apache HTTP Server - traditional n
ii debconf [debconf- 1.5.27ubuntu2 Debian configuration management sy
ii libapache2-mod-ph 5.2.10.dfsg.1-2ubuntu5 server-side, HTML-embedded scripti
ii libdbd-mysql-perl 4.011-1ubuntu1 A Perl5 database interface to the
ii libdbi-perl 1.609-1 Perl Database Interface (DBI)
ii mysql-client 5.1.37-1ubuntu5 MySQL database client (metapackage
ii mysql-client-5.1 5.1.37-1ubuntu5 MySQL database client binaries
ii mysql-server 5.1.37-1ubuntu5 MySQL database server (metapackage
ii mysql-server-5.1 5.1.37-1ubuntu5 MySQL database server binaries
ii php5-cli 5.2.10.dfsg.1-2ubuntu5 command-line interpreter for the p
ii php5-curl 5.2.10.dfsg.1-2ubuntu5 CURL module for php5
ii php5-gd 5.2.10.dfsg.1-2ubuntu5 GD module for php5
ii php5-mysql 5.2.10.dfsg.1-2ubuntu5 MySQL module for php5
ii smarty 2.6.22-1ubuntu2 Template engine for PHP
ii ucf 3.0018ubuntu1 Update Configuration File: preserv
ii unzip 6.0-1 De-archiver for .zip files
ii zip 3.0-1ubuntu1 Archiver for .zip files
Versions of packages moodle recommends:
ii aspell 0.60.6-2 GNU Aspell spell-checker
ii mimetex 1.50-1ubuntu1 LaTeX math expressions to anti-ali
ii php5-ldap 5.2.10.dfsg.1-2ubuntu5 LDAP module for php5
ii php5-xmlrpc 5.2.10.dfsg.1-2ubuntu5 XML-RPC module for php5
Versions of packages moodle suggests:
pn clamav <none> (no description available)
-- debconf information:
* moodle/https_only: false
* moodle/local_only: true
moodle/dbu_name: moodle
* moodle/db_server: mysql-server
* moodle/db_populate:
* moodle/db_create: true
moodle/db_host: localhost
moodle/fqdn_check: true
moodle/pwillegalchar:
moodle/config_php_created:
moodle/notconfigured:
moodle/pwempty:
moodle/pwmismatch:
From ee30aa987639aebab45f31de163ad97cc80bb52d Mon Sep 17 00:00:00 2001
From: Jeremy Bicha <jer...@bicha.net>
Date: Sun, 18 Oct 2009 02:52:41 +0300
Subject: [PATCH 1/2] * Fix restrict access to localhost due to change in libc
---
debian/postinst | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/debian/postinst b/debian/postinst
index 8f4ce06..d986e5f 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -173,7 +173,8 @@ apache_config() {
if [ "$local_only" = "true" ]; then
allowdeny="order deny,allow
deny from all
-allow from 127.0.0.0/255.0.0.0"
+allow from 127.0.0.0/255.0.0.0
+allow from localhost"
else
allowdeny="order allow,deny
allow from all"
--
1.6.3.3
