From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH v2] redirect to TLS WebUI if authorisation required Date: Wed, 11 Oct 2017 15:55:07 +0200 Message-ID: <20171011155507.7cf76c99.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6429187736725602577==" List-Id: --===============6429187736725602577== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface. Signed-off-by: Peter M=C3=BCller --- diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhost= s.d/ipfire-interface.conf index 619f90fcc..41d10c874 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -12,36 +12,17 @@ Require all granted - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L] ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - - Require all granted - - - Require all granted - - + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L] Alias /updatecache/ /var/updatecache/ --===============6429187736725602577==--