From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH v3] redirect to TLS WebUI if authorisation required
Date: Wed, 18 Oct 2017 21:15:01 +0100
Message-ID: <ED627FDC-7BD1-4C6C-9D51-FFAF0D26FA0B@ipfire.org>
In-Reply-To: <20171018203024.4a759d18.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6728368861441404787=="
List-Id: <development.lists.ipfire.org>

--===============6728368861441404787==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

No I don=E2=80=99t think so.

Just merged it. Thanks.

> On 18 Oct 2017, at 7:30 pm, Peter M=C3=BCller <peter.mueller(a)link38.eu> w=
rote:
>=20
> Hello Michael,
>=20
>> Hi,
>>=20
>>> On Tue, 2017-10-17 at 19:49 +0200, Peter M=C3=BCller wrote:
>>> Do not allow credentials being submitted in plaintext to Apache.
>>> Instead, redirect the user with a 301 to the TLS version of IPFire's
>>> web interface.
>>>=20
>>> Not sure if this has been merged (and is working) yet... :-) =20
>>=20
>> Why do you doubt that this is working?
> This patch does not appear in the public git repository. So I assume someth=
ing
> was wrong with it.
>=20
> Best regards,
> Peter M=C3=BCller
>>=20
>> -Michael
>>=20
>>>=20
>>> Signed-off-by: Peter M=C3=BCller <peter.mueller(a)link38.eu>
>>> ---
>>> config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++----------------
>>> 1 file changed, 8 insertions(+), 16 deletions(-)
>>>=20
>>> diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
>>> b/config/httpd/vhosts.d/ipfire-interface.conf
>>> index 27fd25a95..be15cd041 100644
>>> --- a/config/httpd/vhosts.d/ipfire-interface.conf
>>> +++ b/config/httpd/vhosts.d/ipfire-interface.conf
>>> @@ -12,25 +12,17 @@
>>>         Require all granted
>>>     </Directory>
>>>     <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
>>> -        AuthName "IPFire - Restricted"
>>> -        AuthType Basic
>>> -        AuthUserFile /var/ipfire/auth/users
>>> -        Require user admin
>>> +        Options SymLinksIfOwnerMatch
>>> +        RewriteEngine on
>>> +        RewriteCond %{HTTPS} off
>>> +        RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L]
>>>     </DirectoryMatch>
>>>     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
>>>     <Directory /srv/web/ipfire/cgi-bin>
>>> -        AllowOverride None
>>> -        Options None
>>> -        AuthName "IPFire - Restricted"
>>> -        AuthType Basic
>>> -        AuthUserFile /var/ipfire/auth/users
>>> -        Require user admin
>>> -         <Files chpasswd.cgi>
>>> -            Require all granted
>>> -        </Files>
>>> -        <Files webaccess.cgi>
>>> -            Require all granted
>>> -        </Files>
>>> +        Options SymLinksIfOwnerMatch
>>> +        RewriteEngine on
>>> +        RewriteCond %{HTTPS} off
>>> +        RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=3D301,L]
>>>     </Directory>
>>>     Alias /updatecache/ /var/updatecache/
>>>    <Directory /var/updatecache> =20
>=20


--===============6728368861441404787==--