From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH v2] redirect to TLS WebUI if authorisation required Date: Wed, 11 Oct 2017 21:05:01 +0100 Message-ID: <1507752301.2995.14.camel@ipfire.org> In-Reply-To: <20171011165211.0042db75.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4531333432532695829==" List-Id: --===============4531333432532695829== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit It was. What did you change? -Michael On Wed, 2017-10-11 at 16:52 +0200, Peter Müller wrote: > Well, I hope the third try is working now... > > > Nope. > > > > [root(a)rice-oxley ipfire-2.x]# pwclient git-am -s 1460 > > Applying patch #1460 using 'git am -s' > > Description: [v2] redirect to TLS WebUI if authorisation required > > Applying: redirect to TLS WebUI if authorisation required > > error: corrupt patch at line 41 > > Patch failed at 0001 redirect to TLS WebUI if authorisation required > > The copy of the patch that failed is found in: .git/rebase-apply/patch > > When you have resolved this problem, run "git am --continue". > > If you prefer to skip this patch, run "git am --skip" instead. > > To restore the original branch and stop patching, run "git am --abort". > > 'git am' failed with exit status 128 > > > > > > On Wed, 2017-10-11 at 15:55 +0200, Peter Müller wrote: > > > Do not allow credentials being submitted in plaintext to Apache. > > > Instead, redirect the user with a 301 to the TLS version of IPFire's > > > web interface. > > > > > > Signed-off-by: Peter Müller > > > --- > > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf > > > b/config/httpd/vhosts.d/ipfire-interface.conf > > > index 619f90fcc..41d10c874 100644 > > > --- a/config/httpd/vhosts.d/ipfire-interface.conf > > > +++ b/config/httpd/vhosts.d/ipfire-interface.conf > > > @@ -12,36 +12,17 @@ > > > Require all granted > > > > > > > > > - AuthName "IPFire - Restricted" > > > - AuthType Basic > > > - AuthUserFile /var/ipfire/auth/users > > > - Require user admin > > > + Options SymLinksIfOwnerMatch > > > + RewriteEngine on > > > + RewriteCond %{HTTPS} off > > > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > > > > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > > > > > - AllowOverride None > > > - Options None > > > - AuthName "IPFire - Restricted" > > > - AuthType Basic > > > - AuthUserFile /var/ipfire/auth/users > > > - Require user admin > > > - > > > - Require all granted > > > - > > > - > > > - Require all granted > > > - > > > - > > > + Options SymLinksIfOwnerMatch > > > + RewriteEngine on > > > + RewriteCond %{HTTPS} off > > > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > > > > > Alias /updatecache/ /var/updatecache/ > > > > > --===============4531333432532695829== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUU1L3JXNWwzR0dl Mnlwa3R4Z0hudy8yK1FDUWNGQWxuZWVXMEFDZ2tRZ0hudy8yK1EKQ1FlNnVCQUFseU9oWEcydyt6 VkpHMENIU0pKV1IzcFdDREk0Y2VSbGc3aTkvV2V0bkt1TTBsQXJxQ044bkwzYgpkQzVPU2tRSVVq SE1zT25jYU4xODZCVGphODN5N1U5WVlsWkJkRStNcGRKQ2hYa2V4M1hTV25ia1MrSHhTUkg1Cmc2 dHZobE5lcFk3TWxhWWd4blVQeDllVDcxNU5qb2pmT3l0dWJCR210WjVlUFBDQmNja3BUOTQrOVpl aWhOd1gKUmE5eFJHTEgvVzdVV1k1UUhXcGpHMFpURXQ5cS9JZmRQOXBuTEx5M1JaSGRRNTRMcmdq VFkycVVFRGd4eHY5UQpHYnZ2OHpxalBZd2hURGJNNlNZWTQzWUQ1QXpUdHZTWTI3Z1JFclphcjVz VWlXOURPUTVweWhPOHFvbHhZL3lVClFKa3htZmx4aGlINGUwNXFla0J0Q3p5NG9Ud2N2bHU5KzNU UUw4R0ZNdXJReWZjVk9qLzdVSkhmdGNEeityUmQKVThxRUdUSDJ5dHBIMjFMcmdyVVdiaWQvK0pv Z1VnZTMvbWVCckRRRDNTZnFTckh0SkoyZ1NUTkhqN3dMZElGOQpuY3BMd2QwcFdSdDFCdm9aVVBV MmN2c1ZQOGpJM1Fxay82UUJ6bG9ZOEFYR3loUVVyUlllZnB6OWpkVWVaamR6CnNaK1JBVkdDclZS SDUvYWNEYmlQTjlBOXlIWExoN3g5TklZR1NTNldyNWRqSzB4eGxvM1h0Wi9pRmRZcXpoR1QKMll2 c1NhVjBZUS9veUNWY2hpblZCdi9YVDllbE81a3lMZXhaRTNmaTEzeWR2YTgxbkZ2YWhuWTJUMGdG djJBNgpyeGJqVnFhNi9wZ2dSV1hDOVpiYzRsNDc2dmFXMHdCZ1pUVWp4OUxwb2pmRGFJVm5vYlU9 Cj1yWVJjCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============4531333432532695829==--