-
Incident report
-
Resolution: Workaround proposed
-
Minor
-
None
-
3.4.7
-
None
-
CentOS 7 & RHEL 7
I noticed that //myzabbix/icons/ (i.e, /usr/share/httpd/icons) can be browsed with the provided settings from Zabbix. The other Zabbix directories are secured in the zabbix.conf file located in /etc/httpd/conf.d.
Example here:
</Directory>
<Directory "/usr/share/zabbix/conf">
Require all denied
</Directory>
<Directory "/usr/share/zabbix/app">
Require all denied
</Directory>
<Directory "/usr/share/zabbix/include">
Require all denied
</Directory>
<Directory "/usr/share/zabbix/local">
Require all denied
</Directory>
I wanted to report this in case this was not intentional.