Bug 51294 - Make Apache ServerSignature configurable via UCR
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Apache
UCS 4.4
Other Linux
: P5 normal
: UCS 4.4-6-errata
Assigned To: Florian Best
Dirk Wiesenthal
Depends on:
Blocks: 52573
Reported: 2020-05-15 12:48 CEST by Florian Best
Modified: 2021-01-11 15:36 CET
What kind of report is it?: Security Issue
best: Patch_Available+


Attachments
patch (1.46 KB, patch)
2020-10-28 21:53 CET, Florian Best
Description Florian Best univentionstaff 2020-05-15 12:48:10 CEST
The Apache configuration ServerSignature and "ServerTokens Prod" enhance the security by not showing the Apache & UCS version - at least customers think that it increases security, while there are a lot of ways to receive the UCS version without these headers.

We should make them configurable via UCR.

Here they are hardcoded:
/etc/apache2/conf-available/security.conf:#ServerSignature Off
/etc/apache2/conf-available/security.conf:ServerSignature On
/etc/apache2/conf-available/ucs.conf:ServerSignature On
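
Added example (not part of the original report and not Univention code): a small audit that works out which ServerSignature and ServerTokens values are effective when the same directive appears in several files, as in the listing above. It assumes the files are passed in the order Apache includes them and that all lines are at server scope (no <VirtualHost> handling); the sample contents are constructed.

```python
import re

# Least-revealing values; anything else is reported. Defaults (used when a
# directive is absent) are those given in the Apache 2.4 core documentation.
DEFAULTS = {"serversignature": "Off", "servertokens": "Full"}
QUIET = {"serversignature": {"off"}, "servertokens": {"prod", "productonly"}}

# Directive names are case-insensitive; a leading '#' prevents a match.
DIRECTIVE = re.compile(r"^\s*(ServerSignature|ServerTokens)\s+(\S+)", re.IGNORECASE)


def effective_settings(files):
    """files: list of (path, text) in include order.

    Returns {directive: (value, source)}. A later line overrides an earlier
    one, so the last file that sets a directive decides its value.
    """
    result = {name: (value, "default") for name, value in DEFAULTS.items()}
    for path, text in files:
        for lineno, line in enumerate(text.splitlines(), 1):
            match = DIRECTIVE.match(line)
            if match:
                result[match.group(1).lower()] = (match.group(2), f"{path}:{lineno}")
    return result


def findings(files):
    """Directives whose effective value is not the least-revealing one."""
    return {
        name: (value, source)
        for name, (value, source) in effective_settings(files).items()
        if value.lower() not in QUIET[name]
    }


# Constructed sample: only the three lines quoted in the description above.
BEFORE = [
    ("/etc/apache2/conf-available/security.conf", "#ServerSignature Off\nServerSignature On\n"),
    ("/etc/apache2/conf-available/ucs.conf", "ServerSignature On\n"),
]
# Constructed sample of a hardened result (values are assumptions, not from the page).
AFTER = [("/etc/apache2/conf-available/ucs.conf", "ServerSignature Off\nServerTokens Prod\n")]

if __name__ == "__main__":
    for name, (value, source) in findings(BEFORE).items():
        print(f"{name}={value} ({source})")
```

The source reported for each finding is the line that actually decides the value, which is the one to change or to template from a UCR variable.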
Comment 1 Florian Best univentionstaff 2020-10-28 21:53:57 CET
Created attachment 10539
patch
Comment 2 Florian Best univentionstaff 2020-11-02 12:48:38 CET
The following apache configuration can now be done via UCR:

[apache2/server-limit]
Description[de]=Definiert den Wert der Apache Konfiguration "ServerLimit".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#serverlimit>.
Description[en]=Defines the value of the apache configuration "ServerLimit". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit>.
Type=int
Categories=service-apache

[apache2/start-servers]
Description[de]=Definiert den Wert der Apache Konfiguration "StartServers".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#startservers>.
Description[en]=Defines the value of the apache configuration "StartServers". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers>.
Type=int
Categories=service-apache

[apache2/max-request-workers]
Description[de]=Definiert den Wert der Apache Konfiguration "MaxRequestWorkers".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#maxrequestworkers>.
Description[en]=Defines the value of the apache configuration "MaxRequestWorkers". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers>.
Type=int
Categories=service-apache

[apache2/min-spare-threads]
Description[de]=Definiert den Wert der Apache Konfiguration "MinSpareThreads".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#minsparethreads>.
Description[en]=Defines the value of the apache configuration "MinSpareThreads". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads>.
Type=int
Categories=service-apache

[apache2/max-spare-threads]
Description[de]=Definiert den Wert der Apache Konfiguration "MaxSpareThreads".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#maxsparethreads>.
Description[en]=Defines the value of the apache configuration "MaxSpareThreads". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads>.
Type=int
Categories=service-apache

[apache2/threads-per-child]
Description[de]=Definiert den Wert der Apache Konfiguration "ThreadsPerChild".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/de/mod/mpm_common.html#threadsperchild>.
Description[en]=Defines the value of the apache configuration "ThreadsPerChild". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild>.
Type=int
Categories=service-apache

[apache2/server-signature]
Description[de]=Definiert den Wert der Apache Konfiguration "ServerSignature".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/mod/core.html#serversignature>.
Description[en]=Defines the value of the apache configuration "ServerSignature". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/core.html#serversignature>.
Type=str
Categories=service-apache

[apache2/server-tokens]
Description[de]=Definiert den Wert der Apache Konfiguration "ServerTokens".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/mod/core.html#servertokens>.
Description[en]=Defines the value of the apache configuration "ServerTokens". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/core.html#servertokens>.
Type=str
Categories=service-apache

[apache2/server-admin]
Description[de]=Definiert den Wert der Apache Konfiguration "ServerAdmin".  Eine detaillierte Beschreibung findet sich unter <https://httpd.apache.org/docs/2.4/mod/core.html#serveradmin>.
Description[en]=Defines the value of the apache configuration "ServerAdmin". A detailed description can be found at <https://httpd.apache.org/docs/2.4/mod/core.html#serveradmin>.
Type=str
Categories=service-apache

univention-apache.yaml
e1a99e6a458e | YAML Bug #51294

univention-apache (11.0.1-20)
35b569948cdc | Bug #51294: make Apache configuration possible via UCR
Comment 3 Dirk Wiesenthal univentionstaff 2020-11-02 16:29:33 CET
UCRVs: OK
Apache config: OK
YAML: OK
Comment 5 Thorger Ahrens 2020-11-04 15:55:18 CET
I've got a question concerning the configuration of Apache via UCR.

AFAIK, PHP 7.0 is actually implemented in UCS, compiled only with support for Prefork MPM.

I understood the Apache documentation to mean that when Prefork MPM is used, Max/MinSpareThreads will have no effect, because for every http-worker a new process is created, not a new thread?

If that is true, two additional UCR variables for Max/MinSpareServers are necessary, or the existing variables need to be changed?

https://httpd.apache.org/docs/2.4/de/mod/prefork.html
Comment 6 Ingo Steuwer univentionstaff 2020-11-06 13:49:27 CET
(In reply to Thorger Ahrens from comment #5)
> I've got a question concerning the configuration of Apache via UCR.
> 
> AFAIK, PHP 7.0 is actually implemented in UCS, compiled only with support
> for Prefork MPM.
> 
> I understood the Apache documentation to mean that when Prefork MPM is
> used, Max/MinSpareThreads will have no effect, because for every http-worker
> a new process is created, not a new thread?
> 
> If that is true, two additional UCR variables for Max/MinSpareServers are
> necessary, or the existing variables need to be changed?
> 
> https://httpd.apache.org/docs/2.4/de/mod/prefork.html

This Bug is in "CLOSED" status. If you need further changes please file a new bug or initiate a discussion on help.univention.com. Thanks!