From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH v3] redirect to TLS WebUI if authorisation required Date: Tue, 17 Oct 2017 19:49:07 +0200 Message-ID: <20171017194907.42a8904f.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4587468265975065513==" List-Id: --===============4587468265975065513== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface. Not sure if this has been merged (and is working) yet... :-) Signed-off-by: Peter M=C3=BCller --- config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhost= s.d/ipfire-interface.conf index 27fd25a95..be15cd041 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -12,25 +12,17 @@ Require all granted - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L] ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - - Require all granted - - - Require all granted - + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L] Alias /updatecache/ /var/updatecache/ --=20 2.13.6 --===============4587468265975065513==--