Fossil SCM
Enhance security audit to warn about giving hyperlink privilege to user nobody.
Commit
5999d2446b6c43c359a818b84dd7bd75bf1f390225fc4013201387ec0b092072
Parent
ecab8f430ff365e…
2 files changed
+41
-12
+1
+41
-12
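--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -144,17 +144,17 @@
 @ immediately! Or, at least remove the Setup and Admin privileges
 @ from the default permissions for new users.
 }else if( hasAnyCap(zAnonCap,"y") ){
 @ <li><p>This repository is <big><b>INSECURE</b></big> because
 @ it allows anonymous users to push unversioned files.
-@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
+@ Fix this by <a href="takeitprivate">taking the repository private</a>
 @ or by removing the "y" permission from users "anonymous" and
 @ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
 }else if( hasAnyCap(zSelfCap,"y") ){
 @ <li><p>This repository is <big><b>INSECURE</b></big> because
 @ it allows self-registered users to push unversioned files.
-@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
+@ Fix this by <a href="takeitprivate">taking the repository private</a>
 @ or by removing the "y" permission from the default permissions or
 @ by disabling self-registration.
 }else if( hasAnyCap(zAnonCap,"goz") ){
 @ <li><p>This repository is <big><b>PUBLIC</b></big>. All
 @ checked-in content can be accessed by anonymous users.
@@ -240,11 +240,11 @@
 */
 if( db_get_int("redirect-to-https",0)==0 ){
 @ <li><p><b>WARNING:</b>
 @ Sensitive material such as login passwords can be sent over an
 @ unencrypted connection.
-@ <p>Fix this by changing the "Redirect to HTTPS" setting on the
+@ Fix this by changing the "Redirect to HTTPS" setting on the
 @ <a href="setup_access">Access Control</a> page. If you were using
 @ the old "Redirect to HTTPS on Login Page" setting, switch to the
 @ new setting: it has a more secure implementation.
 }
 
@@ -282,11 +282,11 @@
 */
 if( hasAnyCap(zAnonCap, "e") ){
 @ <li><p><b>WARNING:</b>
 @ Anonymous users can view email addresses and other personally
 @ identifiable information on tickets.
-@ <p>Fix this by removing the "Email" privilege
+@ Fix this by removing the "Email" privilege
 @ (<a href="setup_ucap_list">capability "e"</a>) from users
 @ "anonymous" and "nobody" on the
 @ <a href="setup_ulist">User Configuration</a> page.
 }
 
@@ -294,11 +294,11 @@
 ** to the repository.
 */
 if( hasAnyCap(zAnonCap, "i") ){
 @ <li><p><b>WARNING:</b>
 @ Anonymous users can push new check-ins into the repository.
-@ <p>Fix this by removing the "Check-in" privilege
+@ Fix this by removing the "Check-in" privilege
 @ (<a href="setup_ucap_list">capability</a> "i") from users
 @ "anonymous" and "nobody" on the
 @ <a href="setup_ulist">User Configuration</a> page.
 }
 
@@ -307,11 +307,11 @@
 */
 if( hasAnyCap(zAnonCap, "lq5") ){
 @ <li><p><b>WARNING:</b>
 @ Anonymous users can act as moderators for wiki, tickets, or
 @ forum posts. This defeats the whole purpose of moderation.
-@ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum"
+@ Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum"
 @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
 @ from users "anonymous" and "nobody"
 @ on the <a href="setup_ulist">User Configuration</a> page.
 }
 
@@ -470,28 +470,57 @@
 @ number of users (%d(n)).
 @ Ideally, the Write-Unver privilege should only
 @ be granted to one or two users.
 }
 }
+
+/* Providing hyperlink capability to user "nobody" can lead to robots
+** making excessive requests resulting in DoS
+*/
+if( db_exists("SELECT 1 FROM user WHERE login='nobody' AND cap GLOB '*h*'") ){
+int nobodyId = db_int(0,"SELECT uid FROM user WHERE login='nobody'");
+int anonId = db_int(0,
+"SELECT uid FROM user WHERE login='anonymous' AND cap NOT GLOB '*h*'");
+@ <li><p>
+@ User "nobody" has "Hyperlink" privilege ('h') which can lead to
+@ robots walking a nearly endless progression of pages on public-facing
+@ repositories, causing excessive server load and possible DoS.
+@ Suggested remediation:
+@ <ol type="a">
+@ <li>Remove the 'h' privilege from the
+@ <a href="%R/setup_uedit?id=%d(nobodyId)">'nobody' user</a> so that
+@ robots cannot see hyperlinks.
+@ <li>Activate <a href="%R/setup_access#autoh">autohyperlink</a> so that
+@ human readers can still see hyperlinks even if they are not logged in.
+@ Require mouse movement before enabling hyperlinks and set the
+@ delay to at least 50 milliseconds.
+if( anonId>0 ){
+@ <li>Perhaps set the 'h' privilege on the
+@ <a href="%R/setup_uedit?id=%d(anonId)">'anonymous' user</a> so
+@ that humans that have javascript disabled in their browsers can
+@ still see hyperlinks if they will log in as "anonymous".
+}
+@ </ol>
+}
 
 /* Notify if REMOTE_USER or HTTP_AUTHENTICATION is used for login.
 */
 if( db_get_boolean("remote_user_ok", 0) ){
-@ <li><p>
+@ <li><p><b>Caution:</b>
 @ This repository trusts that the REMOTE_USER environment variable set
 @ up by the webserver contains the name of an authenticated user.
 @ Fossil's built-in authentication mechanism is bypassed.
-@ <p>Fix this by deactivating the "Allow REMOTE_USER authentication"
+@ Fix this by deactivating the "Allow REMOTE_USER authentication"
 @ checkbox on the <a href="setup_access">Access Control</a> page.
 }
 if( db_get_boolean("http_authentication_ok", 0) ){
-@ <li><p>
+@ <li><p><b>Caution:</b>
 @ This repository trusts that the HTTP_AUTHENITICATION environment
 @ variable set up by the webserver contains the name of an
 @ authenticated user.
 @ Fossil's built-in authentication mechanism is bypassed.
-@ <p>Fix this by deactivating the "Allow HTTP_AUTHENTICATION authentication"
+@ Fix this by deactivating the "Allow HTTP_AUTHENTICATION authentication"
 @ checkbox on the <a href="setup_access">Access Control</a> page.
 }
 
 /* Logging should be turned on
 */
@@ -512,21 +541,21 @@
 /* Make sure that the load-average limiter is armed and working */
 if( load_average()==0.0 ){
 @ <li><p>
 @ Unable to get the system load average. This can prevent Fossil
 @ from throttling expensive operations during peak demand.
-@ <p>If running in a chroot jail on Linux, verify that the /proc
+@ If running in a chroot jail on Linux, verify that the /proc
 @ filesystem is mounted within the jail, so that the load average
 @ can be obtained from the /proc/loadavg file.
 }else {
 double r = atof(db_get("max-loadavg", 0));
 if( r<=0.0 ){
 @ <li><p>
 @ Load average limiting is turned off. This can cause the server
 @ to bog down if many requests for expensive services (such as
 @ large diffs or tarballs) arrive at about the same time.
-@ <p>To fix this, set the "Server Load Average Limit" on the
+@ To fix this, set the "Server Load Average Limit" on the
 @ <a href="setup_access">Access Control</a> page to approximately
 @ the number of available cores on your server, or maybe just a little
 @ less.
 }else if( r>=8.0 ){
 @ <li><p>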
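Review bot: The new "nobody" item in the `@@ -470,28 +470,57 @@` hunk matches the stored capability string with `cap GLOB '*h*'`, while the other audit items in this section go through `hasAnyCap(zAnonCap, ...)`; if "nobody" can obtain Hyperlink indirectly (for instance through an inherited capability class), the raw match would presumably not fire, so either confirm that cannot happen or record the limit in the block comment, e.g. `** Only the literal cap column is tested; inherited capabilities are not expanded.` Remediation step (b) is printed even when the setting is already on; assuming the fourth argument of the `onoff_attribute(...)` call in src/setup.c is the default, wrapping that step in `if( !db_get_boolean("auto-hyperlink",1) ){` would keep the advice accurate. The item also opens with a bare `@ <li><p>` although the same hunk adds `<b>Caution:</b>` to the REMOTE_USER entries, so a label such as `@ <li><p><b>WARNING:</b>` would keep the list consistent. The context line just below the second added label still spells the variable `HTTP_AUTHENITICATION` in user-facing text. The enclosing function begins and ends outside the hunk.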
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -144,17 +144,17 @@ | |
| 144 | @ immediately! Or, at least remove the Setup and Admin privileges |
| 145 | @ from the default permissions for new users. |
| 146 | }else if( hasAnyCap(zAnonCap,"y") ){ |
| 147 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 148 | @ it allows anonymous users to push unversioned files. |
| 149 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 150 | @ or by removing the "y" permission from users "anonymous" and |
| 151 | @ "nobody" on the <a href="setup_ulist">User Configuration</a> page. |
| 152 | }else if( hasAnyCap(zSelfCap,"y") ){ |
| 153 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 154 | @ it allows self-registered users to push unversioned files. |
| 155 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 156 | @ or by removing the "y" permission from the default permissions or |
| 157 | @ by disabling self-registration. |
| 158 | }else if( hasAnyCap(zAnonCap,"goz") ){ |
| 159 | @ <li><p>This repository is <big><b>PUBLIC</b></big>. All |
| 160 | @ checked-in content can be accessed by anonymous users. |
| @@ -240,11 +240,11 @@ | |
| 240 | */ |
| 241 | if( db_get_int("redirect-to-https",0)==0 ){ |
| 242 | @ <li><p><b>WARNING:</b> |
| 243 | @ Sensitive material such as login passwords can be sent over an |
| 244 | @ unencrypted connection. |
| 245 | @ <p>Fix this by changing the "Redirect to HTTPS" setting on the |
| 246 | @ <a href="setup_access">Access Control</a> page. If you were using |
| 247 | @ the old "Redirect to HTTPS on Login Page" setting, switch to the |
| 248 | @ new setting: it has a more secure implementation. |
| 249 | } |
| 250 | |
| @@ -282,11 +282,11 @@ | |
| 282 | */ |
| 283 | if( hasAnyCap(zAnonCap, "e") ){ |
| 284 | @ <li><p><b>WARNING:</b> |
| 285 | @ Anonymous users can view email addresses and other personally |
| 286 | @ identifiable information on tickets. |
| 287 | @ <p>Fix this by removing the "Email" privilege |
| 288 | @ (<a href="setup_ucap_list">capability "e"</a>) from users |
| 289 | @ "anonymous" and "nobody" on the |
| 290 | @ <a href="setup_ulist">User Configuration</a> page. |
| 291 | } |
| 292 | |
| @@ -294,11 +294,11 @@ | |
| 294 | ** to the repository. |
| 295 | */ |
| 296 | if( hasAnyCap(zAnonCap, "i") ){ |
| 297 | @ <li><p><b>WARNING:</b> |
| 298 | @ Anonymous users can push new check-ins into the repository. |
| 299 | @ <p>Fix this by removing the "Check-in" privilege |
| 300 | @ (<a href="setup_ucap_list">capability</a> "i") from users |
| 301 | @ "anonymous" and "nobody" on the |
| 302 | @ <a href="setup_ulist">User Configuration</a> page. |
| 303 | } |
| 304 | |
| @@ -307,11 +307,11 @@ | |
| 307 | */ |
| 308 | if( hasAnyCap(zAnonCap, "lq5") ){ |
| 309 | @ <li><p><b>WARNING:</b> |
| 310 | @ Anonymous users can act as moderators for wiki, tickets, or |
| 311 | @ forum posts. This defeats the whole purpose of moderation. |
| 312 | @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" |
| 313 | @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") |
| 314 | @ from users "anonymous" and "nobody" |
| 315 | @ on the <a href="setup_ulist">User Configuration</a> page. |
| 316 | } |
| 317 | |
| @@ -470,28 +470,57 @@ | |
| 470 | @ number of users (%d(n)). |
| 471 | @ Ideally, the Write-Unver privilege should only |
| 472 | @ be granted to one or two users. |
| 473 | } |
| 474 | } |
| 475 | |
| 476 | /* Notify if REMOTE_USER or HTTP_AUTHENTICATION is used for login. |
| 477 | */ |
| 478 | if( db_get_boolean("remote_user_ok", 0) ){ |
| 479 | @ <li><p> |
| 480 | @ This repository trusts that the REMOTE_USER environment variable set |
| 481 | @ up by the webserver contains the name of an authenticated user. |
| 482 | @ Fossil's built-in authentication mechanism is bypassed. |
| 483 | @ <p>Fix this by deactivating the "Allow REMOTE_USER authentication" |
| 484 | @ checkbox on the <a href="setup_access">Access Control</a> page. |
| 485 | } |
| 486 | if( db_get_boolean("http_authentication_ok", 0) ){ |
| 487 | @ <li><p> |
| 488 | @ This repository trusts that the HTTP_AUTHENITICATION environment |
| 489 | @ variable set up by the webserver contains the name of an |
| 490 | @ authenticated user. |
| 491 | @ Fossil's built-in authentication mechanism is bypassed. |
| 492 | @ <p>Fix this by deactivating the "Allow HTTP_AUTHENTICATION authentication" |
| 493 | @ checkbox on the <a href="setup_access">Access Control</a> page. |
| 494 | } |
| 495 | |
| 496 | /* Logging should be turned on |
| 497 | */ |
| @@ -512,21 +541,21 @@ | |
| 512 | /* Make sure that the load-average limiter is armed and working */ |
| 513 | if( load_average()==0.0 ){ |
| 514 | @ <li><p> |
| 515 | @ Unable to get the system load average. This can prevent Fossil |
| 516 | @ from throttling expensive operations during peak demand. |
| 517 | @ <p>If running in a chroot jail on Linux, verify that the /proc |
| 518 | @ filesystem is mounted within the jail, so that the load average |
| 519 | @ can be obtained from the /proc/loadavg file. |
| 520 | }else { |
| 521 | double r = atof(db_get("max-loadavg", 0)); |
| 522 | if( r<=0.0 ){ |
| 523 | @ <li><p> |
| 524 | @ Load average limiting is turned off. This can cause the server |
| 525 | @ to bog down if many requests for expensive services (such as |
| 526 | @ large diffs or tarballs) arrive at about the same time. |
| 527 | @ <p>To fix this, set the "Server Load Average Limit" on the |
| 528 | @ <a href="setup_access">Access Control</a> page to approximately |
| 529 | @ the number of available cores on your server, or maybe just a little |
| 530 | @ less. |
| 531 | }else if( r>=8.0 ){ |
| 532 | @ <li><p> |
| 533 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -144,17 +144,17 @@ | |
| 144 | @ immediately! Or, at least remove the Setup and Admin privileges |
| 145 | @ from the default permissions for new users. |
| 146 | }else if( hasAnyCap(zAnonCap,"y") ){ |
| 147 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 148 | @ it allows anonymous users to push unversioned files. |
| 149 | @ Fix this by <a href="takeitprivate">taking the repository private</a> |
| 150 | @ or by removing the "y" permission from users "anonymous" and |
| 151 | @ "nobody" on the <a href="setup_ulist">User Configuration</a> page. |
| 152 | }else if( hasAnyCap(zSelfCap,"y") ){ |
| 153 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 154 | @ it allows self-registered users to push unversioned files. |
| 155 | @ Fix this by <a href="takeitprivate">taking the repository private</a> |
| 156 | @ or by removing the "y" permission from the default permissions or |
| 157 | @ by disabling self-registration. |
| 158 | }else if( hasAnyCap(zAnonCap,"goz") ){ |
| 159 | @ <li><p>This repository is <big><b>PUBLIC</b></big>. All |
| 160 | @ checked-in content can be accessed by anonymous users. |
| @@ -240,11 +240,11 @@ | |
| 240 | */ |
| 241 | if( db_get_int("redirect-to-https",0)==0 ){ |
| 242 | @ <li><p><b>WARNING:</b> |
| 243 | @ Sensitive material such as login passwords can be sent over an |
| 244 | @ unencrypted connection. |
| 245 | @ Fix this by changing the "Redirect to HTTPS" setting on the |
| 246 | @ <a href="setup_access">Access Control</a> page. If you were using |
| 247 | @ the old "Redirect to HTTPS on Login Page" setting, switch to the |
| 248 | @ new setting: it has a more secure implementation. |
| 249 | } |
| 250 | |
| @@ -282,11 +282,11 @@ | |
| 282 | */ |
| 283 | if( hasAnyCap(zAnonCap, "e") ){ |
| 284 | @ <li><p><b>WARNING:</b> |
| 285 | @ Anonymous users can view email addresses and other personally |
| 286 | @ identifiable information on tickets. |
| 287 | @ Fix this by removing the "Email" privilege |
| 288 | @ (<a href="setup_ucap_list">capability "e"</a>) from users |
| 289 | @ "anonymous" and "nobody" on the |
| 290 | @ <a href="setup_ulist">User Configuration</a> page. |
| 291 | } |
| 292 | |
| @@ -294,11 +294,11 @@ | |
| 294 | ** to the repository. |
| 295 | */ |
| 296 | if( hasAnyCap(zAnonCap, "i") ){ |
| 297 | @ <li><p><b>WARNING:</b> |
| 298 | @ Anonymous users can push new check-ins into the repository. |
| 299 | @ Fix this by removing the "Check-in" privilege |
| 300 | @ (<a href="setup_ucap_list">capability</a> "i") from users |
| 301 | @ "anonymous" and "nobody" on the |
| 302 | @ <a href="setup_ulist">User Configuration</a> page. |
| 303 | } |
| 304 | |
| @@ -307,11 +307,11 @@ | |
| 307 | */ |
| 308 | if( hasAnyCap(zAnonCap, "lq5") ){ |
| 309 | @ <li><p><b>WARNING:</b> |
| 310 | @ Anonymous users can act as moderators for wiki, tickets, or |
| 311 | @ forum posts. This defeats the whole purpose of moderation. |
| 312 | @ Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" |
| 313 | @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") |
| 314 | @ from users "anonymous" and "nobody" |
| 315 | @ on the <a href="setup_ulist">User Configuration</a> page. |
| 316 | } |
| 317 | |
| @@ -470,28 +470,57 @@ | |
| 470 | @ number of users (%d(n)). |
| 471 | @ Ideally, the Write-Unver privilege should only |
| 472 | @ be granted to one or two users. |
| 473 | } |
| 474 | } |
| 475 | |
| 476 | /* Providing hyperlink capability to user "nobody" can lead to robots |
| 477 | ** making excessive requests resulting in DoS |
| 478 | */ |
| 479 | if( db_exists("SELECT 1 FROM user WHERE login='nobody' AND cap GLOB '*h*'") ){ |
| 480 | int nobodyId = db_int(0,"SELECT uid FROM user WHERE login='nobody'"); |
| 481 | int anonId = db_int(0, |
| 482 | "SELECT uid FROM user WHERE login='anonymous' AND cap NOT GLOB '*h*'"); |
| 483 | @ <li><p> |
| 484 | @ User "nobody" has "Hyperlink" privilege ('h') which can lead to |
| 485 | @ robots walking a nearly endless progression of pages on public-facing |
| 486 | @ repositories, causing excessive server load and possible DoS. |
| 487 | @ Suggested remediation: |
| 488 | @ <ol type="a"> |
| 489 | @ <li>Remove the 'h' privilege from the |
| 490 | @ <a href="%R/setup_uedit?id=%d(nobodyId)">'nobody' user</a> so that |
| 491 | @ robots cannot see hyperlinks. |
| 492 | @ <li>Activate <a href="%R/setup_access#autoh">autohyperlink</a> so that |
| 493 | @ human readers can still see hyperlinks even if they are not logged in. |
| 494 | @ Require mouse movement before enabling hyperlinks and set the |
| 495 | @ delay to at least 50 milliseconds. |
| 496 | if( anonId>0 ){ |
| 497 | @ <li>Perhaps set the 'h' privilege on the |
| 498 | @ <a href="%R/setup_uedit?id=%d(anonId)">'anonymous' user</a> so |
| 499 | @ that humans that have javascript disabled in their browsers can |
| 500 | @ still see hyperlinks if they will log in as "anonymous". |
| 501 | } |
| 502 | @ </ol> |
| 503 | } |
| 504 | |
| 505 | /* Notify if REMOTE_USER or HTTP_AUTHENTICATION is used for login. |
| 506 | */ |
| 507 | if( db_get_boolean("remote_user_ok", 0) ){ |
| 508 | @ <li><p><b>Caution:</b> |
| 509 | @ This repository trusts that the REMOTE_USER environment variable set |
| 510 | @ up by the webserver contains the name of an authenticated user. |
| 511 | @ Fossil's built-in authentication mechanism is bypassed. |
| 512 | @ Fix this by deactivating the "Allow REMOTE_USER authentication" |
| 513 | @ checkbox on the <a href="setup_access">Access Control</a> page. |
| 514 | } |
| 515 | if( db_get_boolean("http_authentication_ok", 0) ){ |
| 516 | @ <li><p><b>Caution:</b> |
| 517 | @ This repository trusts that the HTTP_AUTHENITICATION environment |
| 518 | @ variable set up by the webserver contains the name of an |
| 519 | @ authenticated user. |
| 520 | @ Fossil's built-in authentication mechanism is bypassed. |
| 521 | @ Fix this by deactivating the "Allow HTTP_AUTHENTICATION authentication" |
| 522 | @ checkbox on the <a href="setup_access">Access Control</a> page. |
| 523 | } |
| 524 | |
| 525 | /* Logging should be turned on |
| 526 | */ |
| @@ -512,21 +541,21 @@ | |
| 541 | /* Make sure that the load-average limiter is armed and working */ |
| 542 | if( load_average()==0.0 ){ |
| 543 | @ <li><p> |
| 544 | @ Unable to get the system load average. This can prevent Fossil |
| 545 | @ from throttling expensive operations during peak demand. |
| 546 | @ If running in a chroot jail on Linux, verify that the /proc |
| 547 | @ filesystem is mounted within the jail, so that the load average |
| 548 | @ can be obtained from the /proc/loadavg file. |
| 549 | }else { |
| 550 | double r = atof(db_get("max-loadavg", 0)); |
| 551 | if( r<=0.0 ){ |
| 552 | @ <li><p> |
| 553 | @ Load average limiting is turned off. This can cause the server |
| 554 | @ to bog down if many requests for expensive services (such as |
| 555 | @ large diffs or tarballs) arrive at about the same time. |
| 556 | @ To fix this, set the "Server Load Average Limit" on the |
| 557 | @ <a href="setup_access">Access Control</a> page to approximately |
| 558 | @ the number of available cores on your server, or maybe just a little |
| 559 | @ less. |
| 560 | }else if( r>=8.0 ){ |
| 561 | @ <li><p> |
| 562 |
+1
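--- a/src/setup.c
+++ b/src/setup.c
@@ -459,10 +459,11 @@
 @ This limit is only enforced on Unix servers. On Linux systems,
 @ access to the /proc virtual filesystem is required, which means this limit
 @ might not work inside a chroot() jail.
 @ (Property: "max-loadavg")</p>
 
+@ <a id="autoh"></a>
 @ <hr />
 onoff_attribute(
 "Enable hyperlinks for \"nobody\" based on User-Agent and Javascript",
 "auto-hyperlink", "autohyperlink", 1, 0);
 @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users,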
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -459,10 +459,11 @@ | |
| 459 | @ This limit is only enforced on Unix servers. On Linux systems, |
| 460 | @ access to the /proc virtual filesystem is required, which means this limit |
| 461 | @ might not work inside a chroot() jail. |
| 462 | @ (Property: "max-loadavg")</p> |
| 463 | |
| 464 | @ <hr /> |
| 465 | onoff_attribute( |
| 466 | "Enable hyperlinks for \"nobody\" based on User-Agent and Javascript", |
| 467 | "auto-hyperlink", "autohyperlink", 1, 0); |
| 468 | @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users, |
| 469 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -459,10 +459,11 @@ | |
| 459 | @ This limit is only enforced on Unix servers. On Linux systems, |
| 460 | @ access to the /proc virtual filesystem is required, which means this limit |
| 461 | @ might not work inside a chroot() jail. |
| 462 | @ (Property: "max-loadavg")</p> |
| 463 | |
| 464 | @ <a id="autoh"></a> |
| 465 | @ <hr /> |
| 466 | onoff_attribute( |
| 467 | "Enable hyperlinks for \"nobody\" based on User-Agent and Javascript", |
| 468 | "auto-hyperlink", "autohyperlink", 1, 0); |
| 469 | @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users, |
| 470 |