Merge pull request #2108 from OnlineDynamic/accessibilityandsecurityd…

…ec24 Lockdown mod_status and phpinfo
FalconChristmas · Jan 8, 2025 · 0aeab38 · 0aeab38
2 parents 35c0bc9 + 24ffce9
commit 0aeab38
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 2 deletions.
diff --git a/SD/FPP_Install.sh b/SD/FPP_Install.sh
@@ -1301,7 +1301,9 @@ sed -i -e "s/APACHE_RUN_GROUP=.*/APACHE_RUN_GROUP=${FPPUSER}/" /etc/apache2/envv
 sed -i -e "s#APACHE_LOG_DIR=.*#APACHE_LOG_DIR=${FPPHOME}/media/logs#" /etc/apache2/envvars
 sed -i -e "s/Listen 8080.*/Listen 80/" /etc/apache2/ports.conf
 
+#Copy FPP Defined Apache configs
 cat /opt/fpp/etc/apache2.site > /etc/apache2/sites-enabled/000-default.conf
+cat /opt/fpp/etc/apache2.status > /etc/apache2/mods-enabled/status.conf
 
 # Enable Apache modules
 a2dismod php${ACTUAL_PHPVER}

diff --git a/etc/apache2.site b/etc/apache2.site
@@ -128,7 +128,7 @@ ServerTokens Prod
     # 2.2.x+
 
     AddType image/svg+xml                               svgz svg
-    AddType image/x-icon                                cur
+    AddType image/x-icon                                cur ico
 
     # 2.4.x+
 

diff --git a/etc/apache2.status b/etc/apache2.status
@@ -0,0 +1,25 @@
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from localhost ip6-localhost
+</Location>
+
+
+# Keep track of extended status information for each request
+ExtendedStatus On
+
+# Determine if mod_status displays the first 63 characters of a request or
+# the last 63, assuming the request itself is greater than 63 chars.
+# Default: Off
+#SeeRequestTail On
+
+
+<IfModule mod_proxy.c>
+	# Show Proxy LoadBalancer status in mod_status
+	ProxyStatus On
+</IfModule>
diff --git a/www/localonly/.htaccess b/www/localonly/.htaccess
@@ -0,0 +1,4 @@
+   order deny,allow
+   deny from all
+   Require local
+   allow from all
diff --git a/www/localonly/cleanedphpinfo.php b/www/localonly/cleanedphpinfo.php
@@ -0,0 +1,89 @@
+<?php
+
+ob_start();
+
+ob_start();                              // Capturing
+phpinfo();                               // phpinfo ()
+$info = trim(ob_get_clean());           // output
+
+// Replace white space in ID and NAME attributes... if exists
+$info = preg_replace('/(id|name)(=["\'][^ "\']+) ([^ "\']*["\'])/i', '$1$2_$3', $info);
+
+$imp = new DOMImplementation();
+$dtd = $imp->createDocumentType(
+    'html',
+    '-//W3C//DTD XHTML 1.0 Transitional//EN',
+    'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'
+);
+$doc = $imp->createDocument(
+    'http://www.w3.org/1999/xhtml',
+    'html',
+    $dtd
+);
+$doc->encoding = 'utf-8';
+
+$info_doc = new DOMDocument('1.0', 'utf-8');
+/* Parse phpinfo's output
+ * operator @ used to avoid messages about undefined entities
+ * or use loadHTML instead
+ */
+@$info_doc->loadXML($info);
+
+$doc->documentElement->appendChild( // Adding HEAD element to HTML
+    $doc->importNode(
+        $info_doc->getElementsByTagName('head')->item(0),
+        true                         // With all the subtree
+    )
+);
+$doc->documentElement->appendChild( // Adding BODY element to HTML
+    $doc->importNode(
+        $info_doc->getElementsByTagName('body')->item(0),
+        true                         // With all the subtree
+    )
+);
+
+// Now you get a clean output and you are able to validate...
+/*
+echo ($doc->saveXML ());
+//      OR
+echo ($doc->saveHTML ());
+ */
+
+// By that way it's easy to add some style declaration :
+$style = $doc->getElementsByTagName('style')->item(0);
+$style->appendChild(
+    $doc->createTextNode(
+        '/* SOME NEW CSS RULES TO ADD TO THE FUNCTION OUTPUT */'
+    )
+);
+
+// to add some more informations to display :
+$body = $doc->getElementsByTagName('body')->item(0);
+$element = $doc->createElement('p');
+$element->appendChild(
+    $doc->createTextNode(
+        'FPP cleaned version of phpinfo()'
+    )
+);
+$body->appendChild($element);
+
+// to add a new header :
+$head = $doc->getElementsByTagName('head')->item(0);
+$meta = $doc->createElement('meta');
+$meta->setAttribute('name', 'author');
+$meta->setAttribute('content', 'arimbourg at ariworld dot eu');
+$head->appendChild($meta);
+
+// As you wish, take the rest of the output and add it for debugging
+$out = ob_get_clean();
+
+$pre = $doc->createElement('div'); // or pre
+$pre->setAttribute('style', 'white-space: pre;'); // for a div element, useless with pre
+$pre->appendChild($doc->createTextNode($out));
+$body->appendChild($pre);
+
+$doc->formatOutput = true; // For a nice indentation
+//echo ($doc->saveXML());
+$exportbody = $doc->documentElement->lastChild;
+echo ($doc->saveHTML($exportbody));
+?>
diff --git a/www/localonly/phpinfo.php b/www/localonly/phpinfo.php
@@ -0,0 +1 @@
+<?php phpinfo(); ?>
diff --git a/www/troubleshoot-commands.json b/www/troubleshoot-commands.json
@@ -526,6 +526,31 @@
                     ]
                 }
             }
+        },
+        "Webserver": {
+            "grpDisplayTitle": "Webserver",
+            "grpDescription": "Information on the local web server",
+            "platforms": [
+                "all"
+            ],
+            "commands": {
+                "Server-Status": {
+                    "title": "Apache Server Status",
+                    "description": "Results from Apache mod_status extension",
+                    "cmd": "curl -s http://localhost/server-status",
+                    "platforms": [
+                        "all"
+                    ]
+                },
+                "PHPInfo": {
+                    "title": "PHP Info",
+                    "description": "Results from php_info() function",
+                    "cmd": "curl -s http://localhost/localonly/cleanedphpinfo.php",
+                    "platforms": [
+                        "all"
+                    ]
+                }
+            }
         }
     }
-}
+}