From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH] also force TLS when requiring user authentication in WebUI Date: Tue, 10 Oct 2017 15:39:15 +0200 Message-ID: <20171010153915.1ea70bda.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1869462121285312700==" List-Id: --===============1869462121285312700== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Force TLS _and_ a valid login when accessing protected directories. Signed-off-by: Peter M=C3=BCller --- diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/v= hosts.d/ipfire-interface-ssl.conf index 6f353962e..50e257f16 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -23,7 +23,10 @@ AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users - Require user admin + + Require user admin + Require ssl + ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ @@ -32,24 +35,16 @@ AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users - Require user admin - + + Require user admin + Require ssl + + Require all granted Require all granted SSLOptions +StdEnvVars @@ -85,6 +80,9 @@ AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users - Require user admin + + Require user admin + Require ssl + --===============1869462121285312700==--