From: ummeegge
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] force transport encryption for WebUI logins
Date: Sun, 24 Sep 2017 18:55:31 +0200
Message-ID: <4773DDA3-E77B-432D-B29F-30CC95F34583@ipfire.org>
In-Reply-To: <20170924130415.65717685.peter.mueller@link38.eu>

Hi all,
first of all, thanks for this great update and your work on this. I have installed Core 114 from the testing tree and wanted to give you some feedback as well.

- After the update the WUI was not reachable and showed a 503, do not panic ;-) This happened because of some of my vhost configurations where the old directives 'Order', 'Allow', 'Deny', 'Satisfy' had been set. Apache's error_log did not display any problems, because after the update, and also after a reboot, Apache had not been started again. Using the initscript, the problem shows up with:

-> /etc/init.d/apache restart
Restarting Apache daemon...
AH00526: Syntax error on line 17 of /etc/httpd/conf/vhosts.d/nfsen.conf:
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configu[ FAIL ]

Since 'mod_access_compat' is not provided (which is a good thing), the access control does not accept the old directives. The fix was not that complicated; instead of using e.g.

    Order deny,allow
    Deny from all

now

    Require all denied

needs to be used. I am currently not sure if IPFire provides vhost configurations which might have problems with this. The Cacti vhost configuration seems to work, even though the login appears only in HTTP; there are also a lot of PHP warnings, but I think this is out of scope here.

> It would be nice if anybody who uses "chpasswd.cgi" and "webaccess.cgi"
> (perhaps in a school's network) could test this patch too, since these
> CGIs are not accessible via plaintext anymore.
>
> Both are not working here. "webaccess.cgi" redirects to SSL itself and

I have tested webaccess.cgi and it works fine here, but I think my version differs from the default one. I use this version --> http://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=8fd29195bc9a7dabfab6ef4e3251cb449b7628de
I pushed it a long time ago but I think it may have been forgotten?

> says "disabled by administrator", while "chpasswd.cgi" just returns
> a 500 "Internal Server Error". Interesting.

chpasswd.cgi appears here, but if I change the PWD and add 'admin' as current user I get a "Fehler: Benutzername existiert nicht". I have currently not found log messages which point to anything about this problem.

Some feedback from here, even if small.

Greetings,

Erik
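
Added example, not part of the message above and not IPFire code: a shell function that lists the 2.2-style access directives named in the message ('Order', 'Allow', 'Deny', 'Satisfy') in vhost files, so they can be converted before Apache refuses to start. The function names and the sample vhost are constructed for illustration; the default directory is the one shown in the quoted error, and the printed replacements are starting points to review, not a full translation.

```shell
#!/bin/sh
# Added example (not IPFire code): find Apache 2.2 access-control directives
# that abort startup on 2.4 when mod_access_compat is not loaded.
scan_legacy_acl() {   # $1 = vhost dir; default is the path from the error above
    dir="${1:-/etc/httpd/conf/vhosts.d}"; rc=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                     # ignore commented-out lines
            {
                line = $0; sub(/^[ \t]+/, "", line)
                split(line, w, /[ \t]+/)
                d = tolower(w[1]); a = tolower(w[3])
                if (d == "order")        hint = "drop it, Require has no ordering"
                else if (d == "satisfy") hint = "use <RequireAll> or <RequireAny>"
                else if (d == "deny" && tolower(w[2]) == "from")
                    hint = (a == "all") ? "Require all denied" : "Require not ip|host " w[3] " inside <RequireAll>"
                else if (d == "allow" && tolower(w[2]) == "from")
                    hint = (a == "all") ? "Require all granted" : "Require ip|host " w[3]
                else next                           # AllowOverride etc. are fine
                printf "%s:%d: %s -> %s\n", file, NR, line, hint
                found = 1
            }
            END { exit found ? 1 : 0 }' "$f" || rc=1
    done
    return "$rc"                                    # 1 = legacy directives present
}

# Constructed sample vhost (hypothetical content, not a real IPFire file).
make_sample() {
    cat > "$1/sample.conf" <<'EOF'
<Directory /srv/web/example>
    AllowOverride None
    # Order allow,deny
    Order deny,allow
    Deny from all
    Allow from 192.168.0.0/24
    Satisfy Any
</Directory>
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); make_sample "$tmp"; scan_legacy_acl "$tmp"; rm -rf "$tmp"
fi
```

Run with `--demo` to see the output for the constructed sample; the non-zero return code makes the function usable as a pre-upgrade gate.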