An article has been published on the discovery of a vulnerability in Centreon, which is also included in FAN. The full report is available at https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt

There are two ways to fix this vulnerability:

  • Upgrade to Centreon >= 2.3.3, but this package is not available in FAN stable
  • Add a RewriteRule in Apache

For the second solution, here is an example configuration.

Edit /etc/httpd/conf.d/centreon.conf and add these lines at the end:

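RewriteEngine On
# Match query strings that contain the literal sequence SNMP/../../
RewriteCond %{QUERY_STRING} SNMP/\.\./\.\./
# [R] forces an external redirect even if the target is this host; [L] stops further rewriting
RewriteRule ^/centreon/ http://YOUR-FAN-SERVER [R,L]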
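
To see whether requests of this kind have already reached the server, the following added example (not part of the original post or of FAN) applies the same expression as the RewriteCond to Apache access-log lines, percent-decoding the query string first. The log lines, addresses and the parameter name x are constructed placeholders, and the common/combined log format is assumed.

```python
import re
from urllib.parse import unquote, urlsplit

# Same expression as the RewriteCond on this page.
TRAVERSAL = re.compile(r"SNMP/\.\./\.\./")
# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so encoded spellings of the pattern are reported too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_hits(lines):
    """Return (client, time, status, raw_query) for /centreon/ requests matching the pattern."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, when, target, status = m.groups()
        try:
            parts = urlsplit(target)
        except ValueError:
            continue  # malformed request target
        if not parts.path.startswith("/centreon/"):
            continue  # the RewriteRule only covers /centreon/
        if TRAVERSAL.search(decode_fully(parts.query)):
            hits.append((client, when, int(status), parts.query))
    return hits

# Constructed sample lines (not real traffic); "x" is a placeholder parameter name.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0100] "GET /centreon/main.php?x=SNMP/../../placeholder HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2012:10:05:00 +0100] "GET /centreon/main.php?x=SNMP%2F..%2F..%2Fplaceholder HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2012:10:06:00 +0100] "GET /centreon/main.php?x=SNMP/../../placeholder HTTP/1.1" 302 -',
    '192.0.2.13 - - [01/Jan/2012:10:07:00 +0100] "GET /centreon/main.php?p=1 HTTP/1.1" 200 2048',
    '192.0.2.14 - - [01/Jan/2012:10:08:00 +0100] "GET /nagios/?x=SNMP/../../placeholder HTTP/1.1" 404 -',
]

if __name__ == "__main__":
    for client, when, status, query in find_hits(SAMPLE):
        print(f"{when}  {client}  status={status}  query={query}")
```

The status column shows how the server answered each matching request, which helps separate requests logged before the rule was added from those logged after it.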