From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] remove unused directories from Apache vhost configs
Date: Tue, 10 Oct 2017 12:31:07 +0100
Message-ID: <1507635067.4045.40.camel@ipfire.org>
In-Reply-To: <20171009222423.3f690afd.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1812414845610442296=="
List-Id: <development.lists.ipfire.org>

--===============1812414845610442296==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi,

On Mon, 2017-10-09 at 22:24 +0200, Peter Müller wrote:
> Hello Michael,
> 
> thanks for the hint.
> 
> > Hi,
> > 
> > this patch doesn't apply against next?
> > 
> > Could you please rebase it?
> 
> Yes, sent in the patch a few seconds ago.
> 
> (I included both deleting unused directory configs and forcing
> TLS for authentications. Of course, one should always split his/her
> patches, but with these small changes, it does not make sense to me.)

You guessed right. And it does make sense :)

> > 
> > On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
> > > Remove unused vhost configuration directives.
> > > 
> > > They are related to "dial.cgi" and /cgi-bin/dial/, which
> > > both do not exist in IPFire.
> > > 
> > > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > > ---
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > index bec0d580b..eef2d45e2 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > @@ -45,29 +45,12 @@
> > >          <Files webaccess.cgi>
> > >              Require all granted
> > >          </Files>
> > > -        <Files dial.cgi>
> > > -			<RequireAll>
> > > -	  	  	    Require user admin
> > > -				Require ssl  
> > 
> > I think that line doesn't exist in next.
> 
> Yes, it was from the old "[v2] force transport encryption for WebUI logins"-
> patch.

The best way would be to have a patchset then with all of them in it. Or just
submit one after the other. Up to you.

> > 
> > > -			</RequireAll>
> > > -        </Files>
> > > -    </Directory>
> > > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > > -        AllowOverride None
> > > -        Options None
> > > -        AuthName "IPFire - Restricted"
> > > -        AuthType Basic
> > > -        AuthUserFile /var/ipfire/auth/users
> > > -        <RequireAll>
> > > -	        Require user admin dial
> > > -			Require ssl
> > > -		</RequireAll>
> > >      </Directory>
> > >      <Files ~ "\.(cgi|shtml?)$">
> > > -	SSLOptions +StdEnvVars
> > > +		SSLOptions +StdEnvVars  
> > 
> > Indentation has also changed here.
> 
> I see.
> 
> The new combined patch should work now. :-)
> 
> Best regards,
> Peter Müller
> > 
> > >      </Files>
> > >      <Directory /srv/web/ipfire/cgi-bin>
> > > -	SSLOptions +StdEnvVars
> > > +		SSLOptions +StdEnvVars  
> > 
> > And here.
> > 
> > >      </Directory>
> > >      SetEnv HOME /home/nobody
> > >      SetEnvIf User-Agent ".*MSIE.*" \
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> > > b/config/httpd/vhosts.d/ipfire-interface.conf
> > > index a0537b392..57cf8ba17 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> > > @@ -25,13 +25,6 @@
> > >  		RewriteCond %{HTTPS} off
> > >  		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > >      </Directory>
> > > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > > -        AllowOverride None
> > > -        Options SymLinksIfOwnerMatch
> > > -		RewriteEngine on
> > > -		RewriteCond %{HTTPS} off
> > > -		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > > -    </Directory>
> > >      Alias /updatecache/ /var/updatecache/
> > >  	<Directory /var/updatecache>
> > >  		 Options ExecCGI  
> > 
> > -Michael
> 
> 

-Michael

--===============1812414845610442296==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUU1L3JXNWwzR0dl
Mnlwa3R4Z0hudy8yK1FDUWNGQWxuY3Izd0FDZ2tRZ0hudy8yK1EKQ1FlYldSQUFnak94Y0lEMERF
Y3V6WkJhSmRjRmtSMG9zaWVBTk9LZnpVdXR2Y3VCa1JUODRMTzczN0k3dTlETAp4WUdvL1pnTzkv
R3ViMDRYWjBIV2tBSHJIS29WeENvQUNUb0lGK2FKQTFQOVpjSlZZRlBORkVGWFNxT3FycGtnCmMw
VFlldVVtOC9FTUcvZ1NsMFc1ZWdnYWk2eXJWMUgwTWV5QlFtQlhnalBZWWFDSk51elFtb1cxY295
YkVhTW0KUUNrSjRldmdSNDUxUG5ST1IxeVB4QnJCdXEwNEhCMjZyMWhpek9KMkFNalNXR1V0enpC
K2I0bHlKeW40OVdOYwpvUlJRTUpPVnNxVlFxOVZPNWtrYWMzdzMzRG9IUlVVLy9qYWdpeGw4aFJq
b001N0I1ZGtvdmRnMDE5L1A1clVCClBOQTc5aFNna0p3SGxLZy9FR2hJUklhamFDQTUzWnR1TXR4
UmJhZEZ0b1RwR0lsdGwwWVBUNFgrdnFrY08zcjMKNnYwdEt6SUQxOEFDU3JoZms3VU5sNHZYbVgx
RGRQTEQ4NUZkQVZ3NXF4M1RseEFyVkppRW8yMnNudDhSb3VvMwplSHh5TWN4VnNtRSt5U21nM0NV
UDM2NDVJSXk2MHFxOTNldmZ4d2hhODFuVG5vcU9lMTlnU201NTFDamlwdDhXCmlLb0xVcVZ3bzRW
NkNTN2M5eWhDTWxvK1JUd2ZsZExWK0psUzM0aUlMWDExODBRNmFGSytqaDVkblJRYTk3cUUKRlBS
L0NHS09zNE5NbHRUSUVYVEtzK0w4UTQ2UVJheWdNWHpUd1kvYzRvOHJZMldyS2pCcnV1MWc3Z1Zm
aldZdQpORVlmbEJDRzVNUmNTWHUyWmMvc3c4SFZGSWdqdW9qZmdvWVhnR0tVM1VTWUNXcG5ZQnM9
Cj1ncDByCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo=

--===============1812414845610442296==--