1 files changed, 57 insertions, 0 deletions

diff --git a/cacti-httpd.conf b/cacti-httpd.conf
new file mode 100644
index 0000000..c687845
--- /dev/null
+++ b/cacti-httpd.conf
@@ -0,0 +1,57 @@
+#
+# Cacti: An rrd based graphing tool
+#
+
+# For security reasons, the Cacti web interface is accessible only to
+# localhost in the default configuration. If you want to allow other clients
+# to access your Cacti installation, change the httpd ACLs below.
+# For example:
+# On httpd 2.4, change "Require host localhost" to "Require all granted".
+# On httpd 2.2, change "Allow from localhost" to "Allow from all".
+
+Alias /cacti    /usr/share/cacti
+
+<Directory /usr/share/cacti/>
+	<IfModule mod_authz_core.c>
+		# httpd 2.4
+		Require host localhost
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		# httpd 2.2
+		Order deny,allow
+		Deny from all
+		Allow from localhost
+	</IfModule>
+</Directory>
+
+<Directory /usr/share/cacti/install>
+	# mod_security overrides.
+	# Uncomment these if you use mod_security.
+	# allow POST of application/x-www-form-urlencoded during install
+	#SecRuleRemoveById 960010
+	# permit the specification of the rrdtool paths during install
+	#SecRuleRemoveById 900011
+</Directory>
+
+
+# These sections marked "Require all denied" (or "Deny from all")
+# should not be modified.
+# These are in place in order to harden Cacti.
+<Directory /usr/share/cacti/log>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
+</Directory>
+<Directory /usr/share/cacti/rra>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_core.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
+</Directory>