Hello Michael,

thanks for the hint.

> Hi,
> 
> this patch doesn't apply against next?
> 
> Could you please rebase it?
Yes, sent in the patch a few seconds ago.

(I included both deleting unused directory configs and forcing
TLS for authentications. Of course, one should always split his/her
patches, but with these small changes, it does not make sense to me.)
> 
> On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
> > Remove unused vhost configuration directives.
> > 
> > They are related to "dial.cgi" and /cgi-bin/dial/, which
> > both do not exist in IPFire.
> > 
> > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > ---
> > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > index bec0d580b..eef2d45e2 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > @@ -45,29 +45,12 @@
> >          <Files webaccess.cgi>
> >              Require all granted
> >          </Files>
> > -        <Files dial.cgi>
> > -			<RequireAll>
> > -	  	  	    Require user admin
> > -				Require ssl  
> 
> I think that line doesn't exist in next.
Yes, it was from the old "[v2] force transport encryption for WebUI logins"-patch.
> 
> > -			</RequireAll>
> > -        </Files>
> > -    </Directory>
> > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > -        AllowOverride None
> > -        Options None
> > -        AuthName "IPFire - Restricted"
> > -        AuthType Basic
> > -        AuthUserFile /var/ipfire/auth/users
> > -        <RequireAll>
> > -	        Require user admin dial
> > -			Require ssl
> > -		</RequireAll>
> >      </Directory>
> >      <Files ~ "\.(cgi|shtml?)$">
> > -	SSLOptions +StdEnvVars
> > +		SSLOptions +StdEnvVars  
> 
> Indentation has also changed here.
I see.

The new combined patch should work now. :-)

Best regards,
Peter Müller
> 
> >      </Files>
> >      <Directory /srv/web/ipfire/cgi-bin>
> > -	SSLOptions +StdEnvVars
> > +		SSLOptions +StdEnvVars  
> 
> And here.
> 
> >      </Directory>
> >      SetEnv HOME /home/nobody
> >      SetEnvIf User-Agent ".*MSIE.*" \
> > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> > b/config/httpd/vhosts.d/ipfire-interface.conf
> > index a0537b392..57cf8ba17 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> > @@ -25,13 +25,6 @@
> >  		RewriteCond %{HTTPS} off
> >  		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> >      </Directory>
> > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > -        AllowOverride None
> > -        Options SymLinksIfOwnerMatch
> > -		RewriteEngine on
> > -		RewriteCond %{HTTPS} off
> > -		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > -    </Directory>
> >      Alias /updatecache/ /var/updatecache/
> >  	<Directory /var/updatecache>
> >  		 Options ExecCGI  
> 
> -Michael