No I don’t think so. Just merged it. Thanks. > On 18 Oct 2017, at 7:30 pm, Peter Müller wrote: > > Hello Michael, > >> Hi, >> >>> On Tue, 2017-10-17 at 19:49 +0200, Peter Müller wrote: >>> Do not allow credentials being submitted in plaintext to Apache. >>> Instead, redirect the user with a 301 to the TLS version of IPFire's >>> web interface. >>> >>> Not sure if this has been merged (and is working) yet... :-) >> >> Why do you doubt that this is working? > This patch does not appear in the public git repository. So I assume something > was wrong with it. > > Best regards, > Peter Müller >> >> -Michael >> >>> >>> Signed-off-by: Peter Müller >>> --- >>> config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++---------------- >>> 1 file changed, 8 insertions(+), 16 deletions(-) >>> >>> diff --git a/config/httpd/vhosts.d/ipfire-interface.conf >>> b/config/httpd/vhosts.d/ipfire-interface.conf >>> index 27fd25a95..be15cd041 100644 >>> --- a/config/httpd/vhosts.d/ipfire-interface.conf >>> +++ b/config/httpd/vhosts.d/ipfire-interface.conf >>> @@ -12,25 +12,17 @@ >>> Require all granted >>> >>> >>> - AuthName "IPFire - Restricted" >>> - AuthType Basic >>> - AuthUserFile /var/ipfire/auth/users >>> - Require user admin >>> + Options SymLinksIfOwnerMatch >>> + RewriteEngine on >>> + RewriteCond %{HTTPS} off >>> + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] >>> >>> ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ >>> >>> - AllowOverride None >>> - Options None >>> - AuthName "IPFire - Restricted" >>> - AuthType Basic >>> - AuthUserFile /var/ipfire/auth/users >>> - Require user admin >>> - >>> - Require all granted >>> - >>> - >>> - Require all granted >>> - >>> + Options SymLinksIfOwnerMatch >>> + RewriteEngine on >>> + RewriteCond %{HTTPS} off >>> + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] >>> >>> Alias /updatecache/ /var/updatecache/ >>> >