Moodle uses wrong config to restrict access to localhost
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
moodle (Debian) |
Fix Released
|
Unknown
|
|||
moodle (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: moodle
During installation of moodle, the following question is asked:
If access is restricted to localhost, other computers will be prevented from connecting to this Moodle site. If you wish for others to be able to use this Moodle site you must not restrict access to localhost.
Note: Opening your system to connections from remote hosts may have security implications.
Should access to this Moodle server be restricted to localhost?
If the user answers yes, /etc/apache2/
order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0
The final line needs to be changed to:
allow from localhost
Otherwise, the user will only get a 403 Forbidden message and these show up in the apache2 logs:
[error] [client ::1] client denied by server configuration: /usr/share/moodle/
::1 - - [15/Oct/
This type of bug is discussed in http://
ProblemType: Bug
Architecture: i386
Date: Fri Oct 16 01:36:03 2009
DistroRelease: Ubuntu 9.10
Package: moodle 1.9.4.dfsg-0ubuntu2
PackageArchitec
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: moodle
Uname: Linux 2.6.31-14-generic i686
Related branches
Changed in moodle (Debian): | |
status: | Unknown → New |
Changed in moodle (Debian): | |
status: | New → Fix Released |
Here's a second try at the patch. This time we are not removing 127.0.0.1 just in case.