From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH v2] also force TLS when requiring user authentication in WebUI
Date: Wed, 11 Oct 2017 15:56:06 +0200
Message-ID: <20171011155606.235bbc73.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1569312295086642119=="
List-Id: <development.lists.ipfire.org>

--===============1569312295086642119==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Force TLS _and_ a valid login when accessing protected directories.

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)link38.eu>
---
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/v=
hosts.d/ipfire-interface-ssl.conf
index e9ad26a96..816b9e637 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -23,7 +23,10 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
     </DirectoryMatch>
     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
     <Directory /srv/web/ipfire/cgi-bin>
@@ -32,7 +35,10 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
         <Files chpasswd.cgi>
             Require all granted
         </Files>
@@ -74,6 +80,9 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
     </Directory>
 </VirtualHost>

--===============1569312295086642119==--