From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] remove unused directories in Apache vhosts and force TLS for logins Date: Tue, 10 Oct 2017 15:40:27 +0200 Message-ID: <20171010154027.2717148e.peter.mueller@link38.eu> In-Reply-To: <1507634675.4045.37.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6810045483357875685==" List-Id: --===============6810045483357875685== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hello Michael, okay, thanks, I did so. Now everything should be fine. :-) Best regards, Peter Müller > Hi, > > it would indeed be better to split this patch into two to three. > > Could you please do this and resubmit? > > -Michael > > On Mon, 2017-10-09 at 22:21 +0200, Peter Müller wrote: > > - remove unused dial.cgi stuff > > - redirect to TLS version for directories requiring an authentication > > - force TLS for directories requiring an authentication > > > > Signed-off-by: Peter Müller > > --- > > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > index 6f353962e..433103fdc 100644 > > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > @@ -23,7 +23,10 @@ > > AuthName "IPFire - Restricted" > > AuthType Basic > > AuthUserFile /var/ipfire/auth/users > > - Require user admin > > + > > + Require user admin > > + Require ssl > > + > > > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > > > @@ -32,24 +35,16 @@ > > AuthName "IPFire - Restricted" > > AuthType Basic > > AuthUserFile /var/ipfire/auth/users > > - Require user admin > > + > > + Require user admin > > + Require ssl > > + > > > > Require all granted > > > > > > Require all granted > > > > - > > - Require user admin > > - > > - > > - > > - AllowOverride None > > - Options None > > - AuthName "IPFire - Restricted" > > - AuthType Basic > > - AuthUserFile /var/ipfire/auth/users > > - Require user dial admin > > > > > > SSLOptions +StdEnvVars > > @@ -85,6 +80,9 @@ > > AuthName "IPFire - Restricted" > > AuthType Basic > > AuthUserFile /var/ipfire/auth/users > > - Require user admin > > + > > + Require user admin > > + Require ssl > > + > > > > > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf > > b/config/httpd/vhosts.d/ipfire-interface.conf > > index 619f90fcc..41d10c874 100644 > > --- a/config/httpd/vhosts.d/ipfire-interface.conf > > +++ b/config/httpd/vhosts.d/ipfire-interface.conf > > @@ -12,36 +12,17 @@ > > Require all granted > > > > > > - AuthName "IPFire - Restricted" > > - AuthType Basic > > - AuthUserFile /var/ipfire/auth/users > > - Require user admin > > + Options SymLinksIfOwnerMatch > > + RewriteEngine on > > + RewriteCond %{HTTPS} off > > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > > > - AllowOverride None > > - Options None > > - AuthName "IPFire - Restricted" > > - AuthType Basic > > - AuthUserFile /var/ipfire/auth/users > > - Require user admin > > - > > - Require all granted > > - > > - > > - Require all granted > > - > > - > > - Require user admin > > - > > - > > - > > - AllowOverride None > > - Options None > > - AuthName "IPFire - Restricted" > > - AuthType Basic > > - AuthUserFile /var/ipfire/auth/users > > - Require user dial admin > > + Options SymLinksIfOwnerMatch > > + RewriteEngine on > > + RewriteCond %{HTTPS} off > > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > > > Alias /updatecache/ /var/updatecache/ > > --===============6810045483357875685==--