Force TLS _and_ a valid login when accessing protected directories.
Signed-off-by: Peter Müller peter.mueller@link38.eu --- config/httpd/vhosts.d/ipfire-interface-ssl.conf | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index e9ad26a96..816b9e637 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -23,7 +23,10 @@ AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users - Require user admin + <RequireAll> + Require user admin + Require ssl + </RequireAll> </DirectoryMatch> ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ <Directory /srv/web/ipfire/cgi-bin> @@ -32,7 +35,10 @@ AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users - Require user admin + <RequireAll> + Require user admin + Require ssl + </RequireAll> <Files chpasswd.cgi> Require all granted </Files> @@ -74,6 +80,9 @@ AuthName "IPFire - Restricted" AuthType Basic AuthUserFile /var/ipfire/auth/users - Require user admin + <RequireAll> + Require user admin + Require ssl + </RequireAll> </Directory> </VirtualHost>