From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH v2] redirect to TLS WebUI if authorisation required Date: Wed, 11 Oct 2017 22:12:02 +0200 Message-ID: <20171011221202.6d48fb35.peter.mueller@link38.eu> In-Reply-To: <1507752301.2995.14.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2521917493869734303==" List-Id: --===============2521917493869734303== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hello Michael, well, actually I used spaces instead of tabs. Second, git format-patch crashed before, and some global configuration options (mail address, ...) needed to be set. Quite strange, but well. I never really used these git functions before, just ran git diff [changed file] > patch and pasted the content with Signed-off-by in my MUA. Now, I take the output of git format-patch, remove all those mail headers, and paste the content in my MUA... As Einstein said: "Make things as easy as you can - but not easier." Quite right... Best regards, Peter Müller > It was. What did you change? > > -Michael > > On Wed, 2017-10-11 at 16:52 +0200, Peter Müller wrote: > > Well, I hope the third try is working now... > > > > > Nope. > > > > > > [root(a)rice-oxley ipfire-2.x]# pwclient git-am -s 1460 > > > Applying patch #1460 using 'git am -s' > > > Description: [v2] redirect to TLS WebUI if authorisation required > > > Applying: redirect to TLS WebUI if authorisation required > > > error: corrupt patch at line 41 > > > Patch failed at 0001 redirect to TLS WebUI if authorisation required > > > The copy of the patch that failed is found in: .git/rebase-apply/patch > > > When you have resolved this problem, run "git am --continue". > > > If you prefer to skip this patch, run "git am --skip" instead. > > > To restore the original branch and stop patching, run "git am --abort". > > > 'git am' failed with exit status 128 > > > > > > > > > On Wed, 2017-10-11 at 15:55 +0200, Peter Müller wrote: > > > > Do not allow credentials being submitted in plaintext to Apache. > > > > Instead, redirect the user with a 301 to the TLS version of IPFire's > > > > web interface. > > > > > > > > Signed-off-by: Peter Müller > > > > --- > > > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf > > > > b/config/httpd/vhosts.d/ipfire-interface.conf > > > > index 619f90fcc..41d10c874 100644 > > > > --- a/config/httpd/vhosts.d/ipfire-interface.conf > > > > +++ b/config/httpd/vhosts.d/ipfire-interface.conf > > > > @@ -12,36 +12,17 @@ > > > > Require all granted > > > > > > > > > > > > - AuthName "IPFire - Restricted" > > > > - AuthType Basic > > > > - AuthUserFile /var/ipfire/auth/users > > > > - Require user admin > > > > + Options SymLinksIfOwnerMatch > > > > + RewriteEngine on > > > > + RewriteCond %{HTTPS} off > > > > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > > > > > > > ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ > > > > > > > > - AllowOverride None > > > > - Options None > > > > - AuthName "IPFire - Restricted" > > > > - AuthType Basic > > > > - AuthUserFile /var/ipfire/auth/users > > > > - Require user admin > > > > - > > > > - Require all granted > > > > - > > > > - > > > > - Require all granted > > > > - > > > > - > > > > + Options SymLinksIfOwnerMatch > > > > + RewriteEngine on > > > > + RewriteCond %{HTTPS} off > > > > + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] > > > > > > > > Alias /updatecache/ /var/updatecache/ > > > > > > > > --===============2521917493869734303==--