Package: moodle Version: 1.9.4.dfsg-0ubuntu4 Severity: normal Tags: patch Reported in Ubuntu at https://launchpad.net/bugs/452622
During installation of moodle, the following question is asked: If access is restricted to localhost, other computers will be prevented from connecting to this Moodle site. If you wish for others to be able to use this Moodle site you must not restrict access to localhost. Note: Opening your system to connections from remote hosts may have security implications. Should access to this Moodle server be restricted to localhost? If the user answers yes, /etc/apache2/conf.d/moodle includes the lines: order deny,allow deny from all allow from 127.0.0.0/255.0.0.0 The final line needs to be changed to (or at least include): allow from localhost Otherwise, the user will only get a 403 Forbidden message and these show up in the apache2 logs: [error] [client ::1] client denied by server configuration: /usr/share/moodle/ ::1 - - [15/Oct/2009:21:30:58 +0300] "GET /moodle/ HTTP/1.1" 403 500 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20091007 Ubuntu/9.10 (karmic) Firefox/3.5.3" This type of bug is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526010 where changing the setting to "allow from localhost" is recommended due to a change in libc6. Jeremy -- System Information: Debian Release: squeeze/sid APT prefers karmic-updates APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic-proposed'), (500, 'karmic-backports'), (500, 'karmic') Architecture: i386 (i686) Kernel: Linux 2.6.31-14-generic-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages moodle depends on: ii adduser 3.110ubuntu6 add and remove users and groups ii apache2-mpm-prefo 2.2.12-1ubuntu2 Apache HTTP Server - traditional n ii debconf [debconf- 1.5.27ubuntu2 Debian configuration management sy ii libapache2-mod-ph 5.2.10.dfsg.1-2ubuntu5 server-side, HTML-embedded scripti ii libdbd-mysql-perl 4.011-1ubuntu1 A Perl5 database interface to the ii libdbi-perl 1.609-1 Perl Database Interface (DBI) ii mysql-client 5.1.37-1ubuntu5 MySQL database client (metapackage ii mysql-client-5.1 5.1.37-1ubuntu5 MySQL database client binaries ii mysql-server 5.1.37-1ubuntu5 MySQL database server (metapackage ii mysql-server-5.1 5.1.37-1ubuntu5 MySQL database server binaries ii php5-cli 5.2.10.dfsg.1-2ubuntu5 command-line interpreter for the p ii php5-curl 5.2.10.dfsg.1-2ubuntu5 CURL module for php5 ii php5-gd 5.2.10.dfsg.1-2ubuntu5 GD module for php5 ii php5-mysql 5.2.10.dfsg.1-2ubuntu5 MySQL module for php5 ii smarty 2.6.22-1ubuntu2 Template engine for PHP ii ucf 3.0018ubuntu1 Update Configuration File: preserv ii unzip 6.0-1 De-archiver for .zip files ii zip 3.0-1ubuntu1 Archiver for .zip files Versions of packages moodle recommends: ii aspell 0.60.6-2 GNU Aspell spell-checker ii mimetex 1.50-1ubuntu1 LaTeX math expressions to anti-ali ii php5-ldap 5.2.10.dfsg.1-2ubuntu5 LDAP module for php5 ii php5-xmlrpc 5.2.10.dfsg.1-2ubuntu5 XML-RPC module for php5 Versions of packages moodle suggests: pn clamav <none> (no description available) -- debconf information: * moodle/https_only: false * moodle/local_only: true moodle/dbu_name: moodle * moodle/db_server: mysql-server * moodle/db_populate: * moodle/db_create: true moodle/db_host: localhost moodle/fqdn_check: true moodle/pwillegalchar: moodle/config_php_created: moodle/notconfigured: moodle/pwempty: moodle/pwmismatch:
From ee30aa987639aebab45f31de163ad97cc80bb52d Mon Sep 17 00:00:00 2001 From: Jeremy Bicha <jer...@bicha.net> Date: Sun, 18 Oct 2009 02:52:41 +0300 Subject: [PATCH 1/2] * Fix restrict access to localhost due to change in libc --- debian/postinst | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/debian/postinst b/debian/postinst index 8f4ce06..d986e5f 100755 --- a/debian/postinst +++ b/debian/postinst @@ -173,7 +173,8 @@ apache_config() { if [ "$local_only" = "true" ]; then allowdeny="order deny,allow deny from all -allow from 127.0.0.0/255.0.0.0" +allow from 127.0.0.0/255.0.0.0 +allow from localhost" else allowdeny="order allow,deny allow from all" -- 1.6.3.3