Re: [PATCH v3] redirect to TLS WebUI if authorisation required

Hi,

On Tue, 2017-10-17 at 19:49 +0200, Peter Müller wrote:

Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface.

Not sure if this has been merged (and is working) yet... :-)

Why do you doubt that this is working?

-Michael

Signed-off-by: Peter Müller peter.mueller@link38.eu

config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index 27fd25a95..be15cd041 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -12,25 +12,17 @@ Require all granted </Directory> <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">

•    AuthName "IPFire - Restricted"
  

•    AuthType Basic
  

•    AuthUserFile /var/ipfire/auth/users
  

•    Require user admin
  

•    Options SymLinksIfOwnerMatch
  

•    RewriteEngine on
  

•    RewriteCond %{HTTPS} off
  

•    RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
  

  </DirectoryMatch> ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ <Directory /srv/web/ipfire/cgi-bin>

•    AllowOverride None
  

•    Options None
  

•    AuthName "IPFire - Restricted"
  

•    AuthType Basic
  

•    AuthUserFile /var/ipfire/auth/users
  

•    Require user admin
  

•     <Files chpasswd.cgi>
  

•        Require all granted
  

•    </Files>
  

•    <Files webaccess.cgi>
  

•        Require all granted
  

•    </Files>
  

•    Options SymLinksIfOwnerMatch
  

•    RewriteEngine on
  

•    RewriteCond %{HTTPS} off
  

•    RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
  

  </Directory> Alias /updatecache/ /var/updatecache/ <Directory /var/updatecache>