Hi,

On Mon, 2017-10-09 at 22:24 +0200, Peter Müller wrote:
> Hello Michael,
> 
> thanks for the hint.
> 
> > Hi,
> > 
> > this patch doesn't apply against next?
> > 
> > Could you please rebase it?
> 
> Yes, sent in the patch a few seconds ago.
> 
> (I included both deleting unused directory configs and forcing
> TLS for authentications. Of course, one should always split his/her
> patches, but with these small changes, it does not make sense to me.)

You guessed right. And it does make sense :)

> > 
> > On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
> > > Remove unused vhost configuration directives.
> > > 
> > > They are related to "dial.cgi" and /cgi-bin/dial/, which
> > > both do not exist in IPFire.
> > > 
> > > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > > ---
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > index bec0d580b..eef2d45e2 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > @@ -45,29 +45,12 @@
> > >          <Files webaccess.cgi>
> > >              Require all granted
> > >          </Files>
> > > -        <Files dial.cgi>
> > > -			<RequireAll>
> > > -	  	  	    Require user admin
> > > -				Require ssl  
> > 
> > I think that line doesn't exist in next.
> 
> Yes, it was from the old "[v2] force transport encryption for WebUI logins"-
> patch.

The best way would be to have a patchset then with all of them in it. Or just
submit one after the other. Up to you.

> > 
> > > -			</RequireAll>
> > > -        </Files>
> > > -    </Directory>
> > > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > > -        AllowOverride None
> > > -        Options None
> > > -        AuthName "IPFire - Restricted"
> > > -        AuthType Basic
> > > -        AuthUserFile /var/ipfire/auth/users
> > > -        <RequireAll>
> > > -	        Require user admin dial
> > > -			Require ssl
> > > -		</RequireAll>
> > >      </Directory>
> > >      <Files ~ "\.(cgi|shtml?)$">
> > > -	SSLOptions +StdEnvVars
> > > +		SSLOptions +StdEnvVars  
> > 
> > Indentation has also changed here.
> 
> I see.
> 
> The new combined patch should work now. :-)
> 
> Best regards,
> Peter Müller
> > 
> > >      </Files>
> > >      <Directory /srv/web/ipfire/cgi-bin>
> > > -	SSLOptions +StdEnvVars
> > > +		SSLOptions +StdEnvVars  
> > 
> > And here.
> > 
> > >      </Directory>
> > >      SetEnv HOME /home/nobody
> > >      SetEnvIf User-Agent ".*MSIE.*" \
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> > > b/config/httpd/vhosts.d/ipfire-interface.conf
> > > index a0537b392..57cf8ba17 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> > > @@ -25,13 +25,6 @@
> > >  		RewriteCond %{HTTPS} off
> > >  		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > >      </Directory>
> > > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > > -        AllowOverride None
> > > -        Options SymLinksIfOwnerMatch
> > > -		RewriteEngine on
> > > -		RewriteCond %{HTTPS} off
> > > -		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > > -    </Directory>
> > >      Alias /updatecache/ /var/updatecache/
> > >  	<Directory /var/updatecache>
> > >  		 Options ExecCGI  
> > 
> > -Michael
> 
> 

-Michael