From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: Re: [PATCH] remove unused directories from Apache vhost configs
Date: Mon, 09 Oct 2017 22:24:23 +0200
Message-ID: <20171009222423.3f690afd.peter.mueller@link38.eu>
In-Reply-To: <1507559551.4045.20.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7208351166710197244=="
List-Id: <development.lists.ipfire.org>

--===============7208351166710197244==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Michael,

thanks for the hint.

> Hi,
>=20
> this patch doesn't apply against next?
>=20
> Could you please rebase it?
Yes, sent in the patch a few seconds ago.

(I included both deleting unused directory configs and forcing
TLS for authentications. Of course, one should always split his/her
patches, but with these small changes, it does not make sense to me.)
>=20
> On Mon, 2017-09-25 at 17:59 +0200, Peter M=C3=BCller wrote:
> > Remove unused vhost configuration directives.
> >=20
> > They are related to "dial.cgi" and /cgi-bin/dial/, which
> > both do not exist in IPFire.
> >=20
> > Signed-off-by: Peter M=C3=BCller <peter.mueller(a)link38.eu>
> > ---
> > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > index bec0d580b..eef2d45e2 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > @@ -45,29 +45,12 @@
> >          <Files webaccess.cgi>
> >              Require all granted
> >          </Files>
> > -        <Files dial.cgi>
> > -			<RequireAll>
> > -	  	  	    Require user admin
> > -				Require ssl =20
>=20
> I think that line doesn't exist in next.
Yes, it was from the old "[v2] force transport encryption for WebUI logins"-p=
atch.
>=20
> > -			</RequireAll>
> > -        </Files>
> > -    </Directory>
> > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > -        AllowOverride None
> > -        Options None
> > -        AuthName "IPFire - Restricted"
> > -        AuthType Basic
> > -        AuthUserFile /var/ipfire/auth/users
> > -        <RequireAll>
> > -	        Require user admin dial
> > -			Require ssl
> > -		</RequireAll>
> >      </Directory>
> >      <Files ~ "\.(cgi|shtml?)$">
> > -	SSLOptions +StdEnvVars
> > +		SSLOptions +StdEnvVars =20
>=20
> Indentation has also changed here.
I see.

The new combined patch should work now. :-)

Best regards,
Peter M=C3=BCller
>=20
> >      </Files>
> >      <Directory /srv/web/ipfire/cgi-bin>
> > -	SSLOptions +StdEnvVars
> > +		SSLOptions +StdEnvVars =20
>=20
> And here.
>=20
> >      </Directory>
> >      SetEnv HOME /home/nobody
> >      SetEnvIf User-Agent ".*MSIE.*" \
> > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> > b/config/httpd/vhosts.d/ipfire-interface.conf
> > index a0537b392..57cf8ba17 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> > @@ -25,13 +25,6 @@
> >  		RewriteCond %{HTTPS} off
> >  		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L]
> >      </Directory>
> > -    <Directory /srv/web/ipfire/cgi-bin/dial>
> > -        AllowOverride None
> > -        Options SymLinksIfOwnerMatch
> > -		RewriteEngine on
> > -		RewriteCond %{HTTPS} off
> > -		RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L]
> > -    </Directory>
> >      Alias /updatecache/ /var/updatecache/
> >  	<Directory /var/updatecache>
> >  		 Options ExecCGI =20
>=20
> -Michael


--===============7208351166710197244==--