[EP-tech] Problem with eprints 3.4 file restricted

John Salter J.Salter at leeds.ac.uk
Fri Jul 10 11:43:46 BST 2020


Hi David,

It might be worth considering this: https://github.com/eprints/eprints/pull/506 for inclusion into 3.4?

It attempts to check for outdated security.pl configuration and prints a warning to the error log.
From the comment on the pull request, the warning in the error log could be made a lot 'bigger' - padding it with lines of asterisks etc. to make it easier to spot.

A similar test could be added to bin/epadmin - so a 'test' reveals the issue too?

Cheers,
John


From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of David R Newman via Eprints-tech
Sent: 10 July 2020 11:27
To: Ajunk Pracetio <prazetyo at gmail.com>
Cc: EDER Norbert via Eprints-tech <eprints-tech at ecs.soton.ac.uk>
Subject: Re: [EP-tech] Problem with eprints 3.4 file restricted


Hi Agung Prasetyo W.,

Whilst the multiple versions of the same file are useful to allow local configuration to override core configuration, it can sometimes cause confusion like this.  The GitHub issue refers to fixing the general issue so that when you create a new repository it will not suffer from this bug.  Unfortunately, it does not help fix existing repositories.  It was something that could not be accounted for when it was originally written many years ago, as it could not have been known that how Perl interacted with Apache would change in Apache 2.4 and therefore create this security bug.

Regards

David Newman
On 10/07/2020 10:27, Ajunk Pracetio wrote:
Hi,

After I searched my archives/repo_name/cfg/cfg.d/ directory and changed security.pl like you said, the file successfully cannot be downloaded. I'm sorry for my misperception; I read on GitHub that it says the defaultcfg/cfg/d/ directory.

Thank you very much, David and Yuri, for all your help.

Best regards,
Agung Prasetyo W.

On Fri, Jul 10, 2020 at 3:38 PM David R Newman <drn at ecs.soton.ac.uk> wrote:

Hi Agung Prasetyo Wibowo,

It does not look like the reason the file is accessible is due to caching and it does not sound like you have coversheets enabled which can cause some issues with file access.  As I said in a previous email you can check that EPRINTS_PATH/archives/ARCHIVE_NAME/cfg/cfg.d/security.pl uses the correct method to look up an IP address, which is

my $ip = $doc->repository->remote_ip();

(and not my $ip = $r->connection()->remote_ip();)

Beyond this, I think it is worth tailing your webserver log files whilst trying to download this file to see if you are getting any errors.  On RedHat/CentOS/Fedora this would be something like:

tail -f /var/log/httpd/error_log /var/log/httpd/ssl_error_log

I am not sure if you have HTTPS enabled.  If you don't then you need not include ssl_error_log in the command line above.

Regards

David Newman



On 10/07/2020 09:30, Ajunk Pracetio wrote:
Hi,

Is there any file that I must check so that my file can be restricted?

Please, I need your help.

Thank you

Best regards.
Agung Prasetyo Wibowo

On Fri, Jul 10, 2020 at 9:13 AM Ajunk Pracetio via Eprints-tech <eprints-tech at ecs.soton.ac.uk> wrote:
Hi,

I already tried on another browser, but the file can still be downloaded.

On Thu, Jul 9, 2020 at 3:39 PM Yuri via Eprints-tech <eprints-tech at ecs.soton.ac.uk> wrote:
Hi!

  Did you try with another browser? If it works, then if it was the same
browser, it is downloading from the cache even if you log out.

On 09/07/20 09:59, Ajunk Pracetio via Eprints-tech wrote:
> Why, in my eprints 3.4, when my document is restricted to user only, can it
> still be downloaded?
>
> I have also read https://github.com/eprints/eprints/issues/322
> and configured the suggested files, but the files can still be downloaded.
>
> Please help.
>
> Regards,
> Agung Prasetyo W.
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/

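A stand-alone version of the check discussed in this thread, as an added example that is not part of any message above and is not the code from the pull request: it scans each archive's local security.pl for the outdated `$r->connection()->remote_ip()` call and pads the warning with asterisks so it is easy to spot. The function names and the sample tree are assumptions made for the example, and the match is a line-based heuristic.

```shell
#!/bin/sh
# Added example (not EPrints code): find local security.pl files that still
# use the outdated IP lookup named in the thread.

# Print each non-comment line of FILE that calls ->connection()->remote_ip;
# return 1 if any is found, 0 if the file is clean.
check_security_pl() {
    awk -v f="$1" '
        { code = $0; sub(/#.*/, "", code) }   # drop Perl comments (heuristic)
        code ~ /connection(\(\))?[ \t]*->[ \t]*remote_ip/ {
            printf "%s:%d: %s\n", f, NR, $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Scan ROOT/archives/*/cfg/cfg.d/security.pl; hits and the banner go to
# stderr, the number of outdated archives to stdout.
scan_archives() {
    outdated=0
    for f in "$1"/archives/*/cfg/cfg.d/security.pl; do
        [ -f "$f" ] || continue
        check_security_pl "$f" >&2 || outdated=$((outdated + 1))
    done
    if [ "$outdated" -gt 0 ]; then
        printf '%s\n' '****************************************' \
            "WARNING: $outdated archive(s) with outdated security.pl" \
            '****************************************' >&2
    fi
    echo "$outdated"
}

# Constructed sample tree (not a real install) so the script runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/archives/old/cfg/cfg.d" "$demo/archives/new/cfg/cfg.d"
printf '%s\n' 'my $ip = $r->connection()->remote_ip();' \
    > "$demo/archives/old/cfg/cfg.d/security.pl"
printf '%s\n' '# was: my $ip = $r->connection()->remote_ip();' \
    'my $ip = $doc->repository->remote_ip();' \
    > "$demo/archives/new/cfg/cfg.d/security.pl"

# For a real install, pass the EPrints root instead of "$demo".
scan_archives "$demo"
```

Only the per-archive copy under archives/*/cfg/cfg.d/ is scanned, since that is the file the thread says overrides the core configuration.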