From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH v3] redirect to TLS WebUI if authorisation required
Date: Wed, 18 Oct 2017 15:58:29 +0100
Message-ID: <1508338709.19915.83.camel@ipfire.org>
In-Reply-To: <20171017194907.42a8904f.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0487064123601409689=="
List-Id:

--===============0487064123601409689==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi,

On Tue, 2017-10-17 at 19:49 +0200, Peter Müller wrote:
> Do not allow credentials being submitted in plaintext to Apache.
> Instead, redirect the user with a 301 to the TLS version of IPFire's
> web interface.
>
> Not sure if this has been merged (and is working) yet... :-)

Why do you doubt that this is working?

-Michael

>
> Signed-off-by: Peter Müller
> --- > config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++---------------- > 1 file changed, 8 insertions(+), 16 deletions(-) > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf > b/config/httpd/vhosts.d/ipfire-interface.conf > index 27fd25a95..be15cd041 100644 > --- a/config/httpd/vhosts.d/ipfire-interface.conf > +++ b/config/httpd/vhosts.d/ipfire-interface.conf 
> @@ -12,25 +12,17 @@ > Require all granted > > > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user admin > + Options SymLinksIfOwnerMatch > + RewriteEngine on > + RewriteCond %{HTTPS} off > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > - AllowOverride None > - Options None > - AuthName "IPFire - Restricted" > - AuthType Basic > - AuthUserFile /var/ipfire/auth/users > - Require user admin > - > - Require all granted > - > - > - Require all granted > - > + Options SymLinksIfOwnerMatch > + RewriteEngine on > + RewriteCond %{HTTPS} off > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > Alias /updatecache/ /var/updatecache/ >
--===============0487064123601409689==--
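
Review bot: The second added `RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]` (the block after `ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/`) is likely to redirect to the wrong path. If it sits in a per-directory container, which the added `Options SymLinksIfOwnerMatch` suggests, mod_rewrite matches the pattern with the directory prefix stripped, so `$1` loses the `/cgi-bin/` part of the request; in virtual-host context `$1` would instead start with a slash and the target would contain `//`. Building the target from the full request path, for example `RewriteRule ^ https://%{SERVER_NAME}:444%{REQUEST_URI} [R=301,L]`, behaves the same in either context and would let the two identical four-line blocks be replaced by a single rule. Since `R=301` is cached by browsers, it is also worth confirming the target with a temporary redirect before making it permanent.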