duplicate httpd "allow" statements cause startup to fail

Issue #351 resolved
Former user created an issue

If you have a duplicate "allow" statements defined in a config file, for example:

set daemon  30              # check services at 30 seconds intervals
set logfile syslog

set httpd port 2812 and
    use address localhost  # only accept connection from localhost
    allow localhost        # allow localhost to connect to the server and
    allow localhost        # duplicate entry
    allow admin:monit      # require user 'admin' with password 'monit'

set daemon 60
include /etc/monit.d/*

Startup will fail saying that the "localhost" entry is incorrect:

Starting monit: /etc/monit.conf:7: Erroneous network or host identifier localhost 'localhost'

Same situation happens when specifying a network. The issue is that either the function Engine_addHostAllow (for hostnames) or Engine_addNetAllow (for networks), both defined in src/http/engine.c, returns false if they don't add the entry, even if it's already there, which will trigger the error message above and startup to fail.

Comments (12)

  1. Tildeslash repo owner

    Fix Issue #351 : Duplicate "set httpd" statement's "allow" option cause startup to fail. Log just warning - duplicate is not hard error, startup can continue.

    → <<cset 5ad9b6aa8978>>

  2. Mark Hudson

    I was able to work around the issue by replacing allow localhost with allow in my config file.

  3. Piotr Bracha

    I do not have duplicate but the error appears:

    root@jenkins:/etc/monit# monit -t
    /etc/monit/monitrc:164: Erroneous network or host identifier monit.example.com 'monit.example.com'
    /etc/monit/monitrc:303: Include failed -- Success '/etc/monit/conf-enabled/*'
    root@jenkins:/etc/monit# grep monit.example.com monitrc
    set mmonit https://user_monit:5LzSFqb86ynkEjq3hqdY7X7L@monit.example.com/collector
         allow monit.example.com
    root@jenkins:/etc/monit# monit -V
    This is Monit version 5.16
    Built with ssl, with pam and with large files
    Copyright (C) 2001-2016 Tildeslash Ltd. All Rights Reserved.

  4. Tildeslash repo owner

    @p.bracha the “set mmonit” statement has no “allow” option. The “allow” option can be used in the “set httpd” context.

  5. Piotr Bracha

    Yes I know. These two statements are separate in two different places in monitrc file. 🙂 I use grep to show that I don’t have duplicates. 😉

  6. Piotr Bracha

    First one is under “set eventqueue”, second one is above “check system $HOST”. When I comment out line “allow monit.example.com” then error disappear and service starts but mmonit still does not have connection.

  7. Tildeslash repo owner

    @p.bracha please can you attach your configuration file and content of /etc/monit/conf-enabled/?

  8. Piotr Bracha

    Sure. Here it is:

    root@jenkins:/etc/monit/conf-enabled# ls -l
    total 0

    but I am little confused. It works and suddenly stopped. I checked and from some reason I can not ping anything - neither url nor ip - from server console but application deployed on the server is visible on the Internet. So maybe this is the problem.

  9. Piotr Bracha

    It was exactly what I thought. No outbound internet connection on the server. After fixing it, problem solved. Thank you for your support! 🙂

  10. Log in to comment