Project

General

Profile

Actions

Bug #11163

closed

Bug #11159: JSESSION cookie should be "secure"

Enable mod header for apache

Added by François ARMAND over 7 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
N/A
Category:
Packaging
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

We need mod_header enabled by default on our apache.

Actions #1

Updated by François ARMAND over 7 years ago

  • Assignee changed from François ARMAND to Benoît PECCATTE

So, it is already enabled for debian-like in 3.1:

xxx/rudder-project/rudder-packages (branches/rudder/3.1) ==
% rg headers
...
rudder-webapp/debian/postinst
37:  MODULES_TO_ENABLE="dav_fs rewrite proxy_http headers ssl filter deflate" 
...

And it is in rudder 4.1 for rpm-based:

xxx/rudder-project/rudder-packages (branches/rudder/4.1)
% rg headers
...
rudder-webapp/SOURCES/rudder-webapp-apache
2:APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http headers ssl version" 
...

But I don't understand what is happening for rpm-based distro on 3.1 branch:

- there is no rudder-webapp-apache file
- there is a minimalist "rudder-server-relay/SOURCES/rudder-relay-apache" with only: APACHE_MODULES="${APACHE_MODULES} dav dav_fs ssl version"
- there is in rudder-webapp/SPECS/rudder-webapp.spec if test for some old mod to replace

But I don't see where we are telling for the webapp (not relay only), not when replacing the old mod line where we are enabling "rewrite dav dav_fs proxy proxy_http" (and it should be the place where we should add "headers").

I believe someone more versed in packaging should look to that.

Actions #2

Updated by François ARMAND over 7 years ago

  • Status changed from New to Rejected

So, in fact /etc/sysconfig/rudder-apache comes from (in 3.1 only) rudder webapp: rudder-web/src/main/resources/apache2-sysconfig.

That file correctly contains headers, so I'm closing that ticket.

Actions

Also available in: Atom PDF