Anonymous | Login | 2024-11-21 22:56 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001302 | PacketFence | captive portal | public | 2011-10-05 16:39 | 2012-09-06 10:57 | |||
Reporter | fgaudreault | |||||||
Assigned To | obilodeau | |||||||
Priority | high | Severity | major | Reproducibility | random | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | 3.3.2 | |||||||
Target Version | 3.5.1 | Fixed in Version | 3.5.1 | |||||
Summary | 0001302: People cannot confirm email registration on some cases | |||||||
Description | Here is the use case. In a routed environment, the user self-registers, get the 10min grace period, and tries to load the email link. The email link comes with pf.domain.tld, which usually points to the management interface of PF. The user won't be able to hit the virtual server on port 443 since his IP address won't be allowed to hit the portal. The allow is only for routed-networks, and localhost. So, when you try to reach it using a production ip, you will get a 403. | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | stable: 3547973 devel: 3204f55 | |||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Relationships | ||||||
|
Notes | |
(0002317) obilodeau (reporter) 2011-10-05 17:40 |
Previous readme on how to configure was specifying this and giving appropriate instructions to open up Apache's ACLs. What do you suggest for a fix? |
(0002318) fgaudreault (viewer) 2011-10-05 17:41 |
Create a specific location definition in the captive-portal-common for email-activation.cgi and allow all. I think that would do it. |
(0002397) fgaudreault (viewer) 2011-10-25 11:01 |
Fixed in 3.0.2 |
(0002400) obilodeau (reporter) 2011-10-25 11:44 |
3.0.2 is released, closing ticket. |
(0002690) fgaudreault (viewer) 2012-04-27 11:32 edited on: 2012-04-27 11:33 |
Issue reopened. Tested on 3.3.2, the allow all on activate/email is not sufficient. We still get 403 on the cgi file: client denied by server configuration: /usr/local/pf/html/captive-portal/email_activation.cgi Caused by : <DirectoryMatch "%%install_dir%%/html/captive-portal"> Order deny,allow Deny from all allow from %%routed-nets%% 127.0.0.1 </DirectoryMatch> |
(0002700) sinusoidal (reporter) 2012-05-07 19:04 |
I've also had this error. Put in a temporary work around by adding the url to the allowed_from_all_urls in apache.pm, but concerned that this may have opened up security issues? $tags{'allowed_from_all_urls'} .= '|/activate/email|/activate/email|/email_activation.cgi'; |
(0002701) obilodeau (reporter) 2012-05-08 08:42 |
Increasing priority and targeted for next stable release. |
(0002935) obilodeau (reporter) 2012-08-15 16:45 |
A quick fix was pushed in 3547973: https://github.com/inverse-inc/packetfence/commit/3547973fd7a81f08d9d419685f160ff194573f3a [^] A better fix is coming for the devel branch: fix/apache-acl-generation-for-guests |
(0002950) obilodeau (reporter) 2012-08-20 16:38 |
Better fix for devel completed. |
(0003020) obilodeau (reporter) 2012-09-06 10:57 |
fix released in 3.5.1 yesterday |
Issue History | |||
Date Modified | Username | Field | Change |
2011-10-05 16:39 | fgaudreault | New Issue | |
2011-10-05 17:40 | obilodeau | Note Added: 0002317 | |
2011-10-05 17:41 | fgaudreault | Note Added: 0002318 | |
2011-10-06 09:43 | obilodeau | Target Version | => +1 |
2011-10-06 09:43 | obilodeau | Additional Information Updated | |
2011-10-25 11:01 | fgaudreault | Note Added: 0002397 | |
2011-10-25 11:01 | fgaudreault | Status | new => resolved |
2011-10-25 11:01 | fgaudreault | Fixed in Version | => 3.0.2 |
2011-10-25 11:01 | fgaudreault | Resolution | open => fixed |
2011-10-25 11:01 | fgaudreault | Assigned To | => fgaudreault |
2011-10-25 11:44 | obilodeau | Note Added: 0002400 | |
2011-10-25 11:44 | obilodeau | Status | resolved => closed |
2011-10-25 11:44 | obilodeau | Target Version | +1 => 3.0.2 |
2011-10-25 11:44 | obilodeau | Additional Information Updated | |
2012-04-27 11:30 | fgaudreault | Resolution | fixed => reopened |
2012-04-27 11:30 | fgaudreault | Product Version | 3.0.1 => 3.3.2 |
2012-04-27 11:31 | fgaudreault | Status | closed => assigned |
2012-04-27 11:32 | fgaudreault | Note Added: 0002690 | |
2012-04-27 11:32 | fgaudreault | Resolution | reopened => open |
2012-04-27 11:33 | fgaudreault | Note Edited: 0002690 | |
2012-05-03 13:41 | obilodeau | Assigned To | fgaudreault => obilodeau |
2012-05-07 19:04 | sinusoidal | Note Added: 0002700 | |
2012-05-08 08:42 | obilodeau | Note Added: 0002701 | |
2012-05-08 08:42 | obilodeau | Priority | normal => high |
2012-05-08 08:42 | obilodeau | Fixed in Version | 3.0.2 => |
2012-05-08 08:42 | obilodeau | Target Version | 3.0.2 => +1 |
2012-08-07 16:05 | obilodeau | Relationship added | has duplicate 0001504 |
2012-08-15 16:45 | obilodeau | Note Added: 0002935 | |
2012-08-20 16:38 | obilodeau | git revision | => stable: 3547973 devel: 3204f55 |
2012-08-20 16:38 | obilodeau | Note Added: 0002950 | |
2012-08-20 16:38 | obilodeau | Status | assigned => resolved |
2012-08-20 16:38 | obilodeau | Fixed in Version | => +1 |
2012-08-20 16:38 | obilodeau | Resolution | open => fixed |
2012-09-06 10:56 | obilodeau | Target Version | +1 => 3.5.1 |
2012-09-06 10:56 | obilodeau | Fixed in Version | +1 => 3.5.1 |
2012-09-06 10:57 | obilodeau | Note Added: 0003020 | |
2012-09-06 10:57 | obilodeau | Status | resolved => closed |
Copyright © 2000 - 2012 MantisBT Group |