Hello Michael,
thanks for the hint.
Hi,
this patch doesn't apply against next?
Could you please rebase it?
Yes, sent in the patch a few seconds ago.
(I included both deleting unused directory configs and forcing TLS for authentications. Of course, one should always split his/her patches, but with these small changes, it does not make sense to me.)
On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
Remove unused vhost configuration directives.
They are related to "dial.cgi" and /cgi-bin/dial/, which both do not exist in IPFire.
Signed-off-by: Peter Müller peter.mueller@link38.eu
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index bec0d580b..eef2d45e2 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -45,29 +45,12 @@ <Files webaccess.cgi> Require all granted </Files>
<Files dial.cgi>
<RequireAll>
Require user admin
Require ssl
I think that line doesn't exist in next.
Yes, it was from the old "[v2] force transport encryption for WebUI logins"-patch.
</RequireAll>
</Files>
</Directory>
- <Directory /srv/web/ipfire/cgi-bin/dial>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
<RequireAll>
Require user admin dial
Require ssl
</RequireAll>
</Directory> <Files ~ "\.(cgi|shtml?)$">
- SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
Indentation has also changed here.
I see.
The new combined patch should work now. :-)
Best regards, Peter Müller
</Files> <Directory /srv/web/ipfire/cgi-bin>
- SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
And here.
</Directory> SetEnv HOME /home/nobody SetEnvIf User-Agent ".*MSIE.*" \
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index a0537b392..57cf8ba17 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -25,13 +25,6 @@ RewriteCond %{HTTPS} off RewriteRule (.*) https://%%7BSERVER_NAME%7D:444/$1 [R=301,L] </Directory>
- <Directory /srv/web/ipfire/cgi-bin/dial>
AllowOverride None
Options SymLinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</Directory> Alias /updatecache/ /var/updatecache/ <Directory /var/updatecache> Options ExecCGI
-Michael