From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH v2] redirect to TLS WebUI if authorisation required Date: Wed, 11 Oct 2017 14:56:56 +0100 Message-ID: <1507730216.4045.78.camel@ipfire.org> In-Reply-To: <20171011155507.7cf76c99.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4768980462776185986==" List-Id: --===============4768980462776185986== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Nope. [root(a)rice-oxley ipfire-2.x]# pwclient git-am -s 1460 Applying patch #1460 using 'git am -s' Description: [v2] redirect to TLS WebUI if authorisation required Applying: redirect to TLS WebUI if authorisation required error: corrupt patch at line 41 Patch failed at 0001 redirect to TLS WebUI if authorisation required The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128 On Wed, 2017-10-11 at 15:55 +0200, Peter Müller wrote: > Do not allow credentials being submitted in plaintext to Apache. > Instead, redirect the user with a 301 to the TLS version of IPFire's > web interface. > > Signed-off-by: Peter Müller > --- > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf > b/config/httpd/vhosts.d/ipfire-interface.conf > index 619f90fcc..41d10c874 100644 > --- a/config/httpd/vhosts.d/ipfire-interface.conf > +++ b/config/httpd/vhosts.d/ipfire-interface.conf > @@ -12,36 +12,17 @@ > Require all granted > > > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user admin > + Options SymLinksIfOwnerMatch > + RewriteEngine on > + RewriteCond %{HTTPS} off > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > - AllowOverride None > - Options None > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user admin > - > - Require all granted > - > - > - Require all granted > - > - > + Options SymLinksIfOwnerMatch > + RewriteEngine on > + RewriteCond %{HTTPS} off > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > Alias /updatecache/ /var/updatecache/ > --===============4768980462776185986== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUU1L3JXNWwzR0dl Mnlwa3R4Z0hudy8yK1FDUWNGQWxuZUl5Z0FDZ2tRZ0hudy8yK1EKQ1Fkcjd4QUFwY0xyV0VWTTdn WWdZdGdaOERqZ1RIOW9KdXU5QVNyeFFxSkp6dmZLQmF5USs0b20zaWhBVWZqZApMWUdXYUFWR3U2 czJuZkM2K2hhL0R3bk9oSzd1UldDTDRnVXptZ0k1MFVneE1KVGVhWW56ODBUd3pVd1cwUER2ClFU bXRmdmM5V0RBdnMzYVdwZTRoKzhKOG8rdnJTSGdha3NXa29IRVk3ME5rWEpNbmNlY3RxTkJwOTVm ZFRKZ2MKN1ZDZUJUaGU3WGJwUEVDSEtCSVh5N1NRNTVFZng5bkRGRTBmLzVjSXE1eHRZc1hjOVZF WGtUT2tRQTNiVVl2UwpYSHc2MTBKY1pvYkxPajdGZ0VqRVFQdzNzN0VwNk5XbzJRTHhjdnE3WUpS cFo5eEdTdVJBYmF5VmRTcDhla09JCkYxSzJkN0RaMkZzNHlBUE54NjBJSjBmejlQb0QvYUpMNTQw MC9KVGlwbFFEU0xXdmxkcHEycDBPb1dLN3Zuc1EKSExMZGZhVDRsMTdoNWthTXVNYXIvWmtxbGk3 Qm0yUllHbmgzcUgrN0VJUVdlOWtuaVlvOE5OcXZnelBGa2hNUgo0SWNqeTdnTlAxeForRkptZ2k3 dkNvOVdiRkU5OG1GM05wSEZXN3FvTk5lMU12WDFJUTExbXFJdHdIVGlkUGlmClE2UEhWYkdYbkR5 bWpBeTJjVmxTTlR1d1JuNHBoRVUzQVBHVzVna0lRVVpYb0FlejJNRDJvcmtJei9EQjNzUG4KMi9M elErK2RkM1BVZHcxK0VqbTJGTVhVU25UY3RhNDR2NFkwU2lRTU0weUZ3b2c0ZWducHoySmgyVFhn a3FBNwowZ09kYzhWSXFMTlJ4VGZxWUV6aDlQN01XVDlpN0NXa2daWDAyRHlub1o1ZDd1VnRZaG89 Cj1sYjZ3Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============4768980462776185986==--