Hi, it would indeed be better to split this patch into two to three. Could you please do this and resubmit? -Michael On Mon, 2017-10-09 at 22:21 +0200, Peter Müller wrote: > - remove unused dial.cgi stuff > - redirect to TLS version for directories requiring an authentication > - force TLS for directories requiring an authentication > > Signed-off-by: Peter Müller > --- > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > index 6f353962e..433103fdc 100644 > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > @@ -23,7 +23,10 @@ > AuthName "IPFire - Restricted" > AuthType Basic > AuthUserFile /var/ipfire/auth/users > - Require user admin > + > + Require user admin > + Require ssl > + > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > @@ -32,24 +35,16 @@ > AuthName "IPFire - Restricted" > AuthType Basic > AuthUserFile /var/ipfire/auth/users > - Require user admin > + > + Require user admin > + Require ssl > + > > Require all granted > > > Require all granted > > - > - Require user admin > - > - > - > - AllowOverride None > - Options None > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user dial admin > > > SSLOptions +StdEnvVars > @@ -85,6 +80,9 @@ > AuthName "IPFire - Restricted" > AuthType Basic > AuthUserFile /var/ipfire/auth/users > - Require user admin > + > + Require user admin > + Require ssl > + > > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf > b/config/httpd/vhosts.d/ipfire-interface.conf > index 619f90fcc..41d10c874 100644 > --- a/config/httpd/vhosts.d/ipfire-interface.conf > +++ b/config/httpd/vhosts.d/ipfire-interface.conf > @@ -12,36 +12,17 @@ > Require all granted > > > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user admin > + Options SymLinksIfOwnerMatch > + RewriteEngine on > + RewriteCond %{HTTPS} off > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > - AllowOverride None > - Options None > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user admin > - > - Require all granted > - > - > - Require all granted > - > - > - Require user admin > - > - > - > - AllowOverride None > - Options None > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user dial admin > + Options SymLinksIfOwnerMatch > + RewriteEngine on > + RewriteCond %{HTTPS} off > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > Alias /updatecache/ /var/updatecache/ >