Johnrip84
Flexera beginner

Disable HTTP Options FlexNet Publisher License Server Manager 11.14.0.1

Hi, I am looking to disable the HTTP Methods that are not in use like OPTIONS,  in a FlexNet Publisher License Server Manager 11.14.0.1, adding a file httpConfExtra.conf in lmadmin configuration folder, but with Apache configuration it doesn't work:

<Directory />
AllowOverride none
Require all denied
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Directory>

when testing with curl it responds:

bash> curl -i -X OPTIONS http://hostIPx.x.x.:8090
HTTP/1.1 200 OK
Date: Wed, 18 Aug 2021 21:20:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 0
Content-Type: text/html

Could someone help me?


Thank you.

0 Kudos
6 Replies
mrathinam
Revenera
Revenera

Hi @Johnrip84 

 Please check https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/Customizing-Apache-HTTP-Server-con... KB will help to fix this issue. 

Best Regards,

Mani. 

0 Kudos

@Johnrip84  

Or, in httpd.conf and add the following in the respective Directory directive

<Directory />
AllowOverride none
Require all denied
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Directory>

Reload Apache, this should work. 

Best Regards,

Mani. 

0 Kudos

Hi @mrathinam, this configuration is lost when apache is restarted, as the note indicates:
"What if one changes the default httpd.conf?

If customizations are done on the httpd.conf that comes along lmadmin as a default file they’ll be applied. However, when they restart the server customizations will be overwritten back to the default form. Taking the route of httpd.conf is not recommended and it’s not a workable solution."

Thanks!
0 Kudos

@mrathinam, it works now!!! I have added this line in the httpConfExtra.conf file:

DocumentRoot "web"
<Directory "web">
AllowOverride All
</Directory>

Then I have created a .htaccess file with this content in the web folder:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(OPTIONS)
RewriteRule .* - [F]

After restarting apache it already show me the options method with a 403 Forbidden response:

curl -v -X OPTIONS http://localhost:8090
* Trying 127.0.0.1:8090...
* Connected to localhost (127.0.0.1) port 8090 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:8090
> User-Agent: curl/7.78.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Fri, 20 Aug 2021 14:47:29 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Content-Length: 202
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
* Connection #0 to host localhost left intact

 

!thanks for your help¡

0 Kudos

@Johnrip84  I am glad that your problem has been solved now. 

 

0 Kudos

Hi @mrathinam,

From this note I have tested the configuration in a httpConfExtra.conf file, but when add the following lines:

<Directory />
AllowOverride none
Require all denied
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Directory>

the service returns an internal error and the log records the following: [Fri Aug 20 07:59:26 2021] [crit] [client 127.0.0.1] configuration error: couldn't perform authentication. AuthType not set!: /dashboard, referer: http://localhost:8091/login

¿should exclude a directory in the rule?

Thanks!

0 Kudos