Bug#1063710: lintian: apache2-deprecated-auth-config ignores mentioned workaround
Package: lintian
Version: 2.117.0
Severity: normal
Dear Maintainer,
I observe the following warning in xymon package:
W: xymon: apache2-deprecated-auth-config Allow [etc/apache2/conf-available/xymon.conf:23]
N:
N: The package is using some of the deprecated authentication configuration
N: directives Order, Satisfy, Allow, Deny, <Limit> or <LimitExcept>
N:
N: These do not integrate well with the new authorization scheme of Apache
N: 2.4 and, in the case of <Limit> and <LimitExcept> have confusing
N: semantics. The configuration directives should be replaced with a suitable
N: combination of <RequireAll>, <RequireAny>, Require all, Require local,
N: Require ip, and Require method.
N:
N: Alternatively, the offending lines can be wrapped between <IfModule
N: !mod_authz_core.c> ... </IfModule> or <IfVersion < 2.3> ... </IfVersion>
N: directives.
N:
N: Visibility: warning
N: Show-Always: no
N: Check: apache2
But this xymon.conf already uses the mentioned
<IfModule !mod_authz_core.c> ... </IfModule>
wrapper:
Directory "/var/lib/xymon/www">
Options Indexes FollowSymLinks Includes MultiViews
<IfModule mod_authz_core.c>
# Apache 2.4+
Require local
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from localhost ::1/128
</IfModule>
</Directory>
So it would be nice, if lintian could check for the suggested wrapper
and mute the alarm if it exists.
Not really sure, whether this worth the effort, in the meantime I'll
add an overrides.
Greetings
Roland
Reply to: