GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
XYMON-WEBACCESS(5) FreeBSD File Formats Manual XYMON-WEBACCESS(5)

xymon-webaccess - Web-based access controls in Xymon

Xymon does not provide any built-in authentication (login) mechanism. Instead, it relies on the access controls available in your web server, e.g. the Apache mod_auth modules.

This provides a simple way of controlling access to the physical directories that make up the pages and subpages with the hosts defined in your Xymon hosts.cfg(5) setup - you can use the Apache "require" setting to allow or deny access to information on any page, usually through the use of a "Require group ..." setting. The group name then refers to one or more groups in an Apache AuthGroupFile file.

However, this does not work for the Xymon CGI programs since they are used to fetch information about all hosts in Xymon, but there is only a single directory holding all of the CGI's. So here you can only require that the user is logged-in (the Apache "Require valid-user" directive). A user with a login can - if he knows the hostname - manipulate the request sent to the webserver and fetch information about any status by use of the Xymon CGI programs, even though he cannot see the overview webpages.

To alleviate this situation, the following Xymon CGI's support a "--access=FILENAME" option, where FILENAME is an Apache compatible group-definitions file:
svcstatus.cgi(1)
acknowledge.cgi(1)
enadis.cgi(1)
appfeed.cgi(1)

When invoked with this option the CGI will read the Apache group-definitions file, and assume that an Apache group maps to a Xymon page, and then - based on the logged-in userid - determine which pages and hosts the user is allowed access to. Only information about those hosts will be made available by the CGI tool.

Members of the group root has access to all hosts.

Access will also be granted, if the user is a member of a group with the same name as the host being requested, or as the statuscolumn being requested.

The Apache "Authentication, Authorization and Access Control" documentation, http://httpd.apache.org/docs/2.2/howto/auth.html

Version 4.3.30: 4 Sep 2019 Xymon

Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.