[Pkg-nagios-devel] Bug#708303: Bug#708303: nagios3-cgi: Don't Miss and Latest News result in insecure page warning from some browsers
Alexander Wirt
formorer at debian.org
Wed May 15 07:20:04 UTC 2013
On Tue, 14 May 2013, David North wrote:
> Package: nagios3-cgi
> Version: 3.4.1-3
> Severity: normal
> Tags: upstream
>
> (1) Install nagios3-cgi
> (2) Tweak apache config to mount the web interface on an https URL, that is, with SSL
> (3) Visit the web interface at https://yourserver
>
> At this point, the browser warns that some elements of the page are not encrypted.
>
> This warning can take the form of a modal dialog in some browsers and is annoying
> and confusing.
>
> Looking at the 'net' panel in firebug reveals this URL being fetched:
>
> http://assets.nagios.com/images/corepromos/2012-01-26-trainingsplash.jpg
>
> The 'Latest News' RSS feed appears to be including images over plain HTTP
>
> I've commented out lines 19-24 of /usr/share/nagios3/htdocs/main.php to work around this.
>
> Can we persuade upstream to serve this stuff over HTTPS? Or have an option to disable
> these feeds?
>
> Happy to work on a patch for upstream or Debian depending on what you think best.
best would be a patch that patches this rss *censored* out.
Alex
More information about the Pkg-nagios-devel
mailing list