[Pkg-nagios-devel] Bug#708303: Bug#708303: nagios3-cgi: Don't Miss and Latest News result in insecure page warning from some browsers

Alexander Wirt formorer at debian.org
Wed May 15 07:20:04 UTC 2013

On Tue, 14 May 2013, David North wrote:

> Package: nagios3-cgi
> Version: 3.4.1-3
> Severity: normal
> Tags: upstream
> (1) Install nagios3-cgi
> (2) Tweak apache config to mount the web interface on an https URL, that is, with SSL
> (3) Visit the web interface at https://yourserver
> At this point, the browser warns that some elements of the page are not encrypted.
> This warning can take the form of a modal dialog in some browsers and is annoying
> and confusing.
> Looking at the 'net' panel in firebug reveals this URL being fetched:
> http://assets.nagios.com/images/corepromos/2012-01-26-trainingsplash.jpg
> The 'Latest News' RSS feed appears to be including images over plain HTTP
> I've commented out lines 19-24 of /usr/share/nagios3/htdocs/main.php to work around this.
> Can we persuade upstream to serve this stuff over HTTPS? Or have an option to disable
> these feeds?
> Happy to work on a patch for upstream or Debian depending on what you think best.
best would be a patch that patches this rss *censored* out. 


More information about the Pkg-nagios-devel mailing list