Removed the read-only access of the guest user and noticed some things were still available/shown to anonymous users:

'Triggers' link still shown under 'Monitoring'
'Hosts' link still shown under 'Configuration Management'
'Reports' page still available

The attached patches fix these issues, so removing the read-only permissions of the guest account prevents anonymous users from seeing any information.

'config.inc.php.diff.txt' can be run from your 'zabbix' root web directory. For example, mine is /var/www/html/zabbix.

'report1.php.diff.txt' can be run from the next level up. Mine would be /var/www/html.

-cameron

Could you tell me how to apply these patches? I thought I might use patch (patch -b origfile patchfile) but looking at the patch files themselves i'm wondering what they do. do they create new include_new and zabbix_new directories and put the patched version there?

Could you tell me how to apply these patches? I thought I might use patch (patch -b origfile patchfile) but looking at the patch files themselves i'm wondering what they do. do they create new include_new and zabbix_new directories and put the patched version there?

before you install. (make install)
inside directory zabbix-VERSION/frontends/php
patch < file_of_patch

or after you install

inside your root install web files.
patch < file_of_patch


excuse my indian's inglish hehehehehe ;)

Please note this patch might not work with the latest 1.1 release. This was made back in the earlier beta releases of 1.1.

-cameron

Cameron, great work!