Moodle uses wrong config to restrict access to localhost

Bug #452622 reported by Jeremy Bícha
Affects: moodle (Debian) | Status: Fix Released | Importance: Unknown
Affects: moodle (Ubuntu) | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned

Bug Description

Binary package hint: moodle

During installation of moodle, the following question is asked:

  If access is restricted to localhost, other computers will be prevented from connecting to this Moodle site. If you wish for others to be able to use this Moodle site you must not restrict access to localhost.

  Note: Opening your system to connections from remote hosts may have security implications.

  Should access to this Moodle server be restricted to localhost?

If the user answers yes, /etc/apache2/conf.d/moodle includes the lines:

order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0

The final line needs to be changed to:
allow from localhost

Otherwise, the user will only get a 403 Forbidden message and these show up in the apache2 logs:

[error] [client ::1] client denied by server configuration: /usr/share/moodle/

::1 - - [15/Oct/2009:21:30:58 +0300] "GET /moodle/ HTTP/1.1" 403 500 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20091007 Ubuntu/9.10 (karmic) Firefox/3.5.3"

This type of bug is discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526010 where changing the setting to "allow from localhost" is recommended due to a change in libc6.

ProblemType: Bug
Architecture: i386
Date: Fri Oct 16 01:36:03 2009
DistroRelease: Ubuntu 9.10
Package: moodle 1.9.4.dfsg-0ubuntu2
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.46-generic
SourcePackage: moodle
Uname: Linux 2.6.31-14-generic i686
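
The mismatch reported above (an IPv4-only allow entry while the client arrives as ::1) can be checked for in any Apache 2.2-style access block. The script below is an added example, not part of the bug report or the moodle package; its function names and the embedded sample are assumptions for illustration, and it evaluates only address-based entries under the "order deny,allow" / "deny from all" layout quoted in the report.

```python
import ipaddress
import re
import sys

# Constructed sample: the three directives quoted in the bug report.
SAMPLE_CONF = """\
order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0
"""

LOOPBACKS = [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")]


def allow_specs(conf_text):
    """Return every argument of each 'allow from' directive (comment lines never match)."""
    specs = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*allow\s+from\s+(.+)", line, re.IGNORECASE)
        if m:
            specs.extend(m.group(1).split())
    return specs


def audit_loopback(conf_text):
    """Assumes the 'order deny,allow' + 'deny from all' layout shown in the report.

    Returns (uncovered, names): loopback addresses that no address-based entry
    matches, and the non-address entries (hostnames, partial IPs), which Apache
    evaluates itself and this script does not.
    """
    nets, names = [], []
    for spec in allow_specs(conf_text):
        try:
            nets.append(ipaddress.ip_network(spec, strict=False))
        except ValueError:
            names.append(spec)
    if "all" in (n.lower() for n in names):
        return [], names
    uncovered = [str(a) for a in LOOPBACKS
                 if not any(a.version == n.version and a in n for n in nets)]
    return uncovered, names


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    uncovered, names = audit_loopback(text)
    print("loopback addresses not matched by address:", uncovered or "none")
    print("entries left to Apache's own resolution:", names or "none")
```

Run without arguments it audits the embedded sample; pass a path such as /etc/apache2/conf.d/moodle to audit the installed file.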

Jeremy Bícha (jbicha) wrote :

Here's a second try at the patch. This time we are not removing 127.0.0.1 just in case.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package moodle - 1.9.4.dfsg-0ubuntu3

---------------
moodle (1.9.4.dfsg-0ubuntu3) karmic; urgency=low

  * Fix webserver config which prevented access by localhost due to
    libc6 change (closes LP: #452622)

 -- Jeremy Bicha <email address hidden> Fri, 16 Oct 2009 04:30:43 +0300

Changed in moodle (Ubuntu):
status: New → Fix Released
Changed in moodle (Debian):
status: Unknown → New
Changed in moodle (Debian):
status: New → Fix Released