[PATCH v2] also force TLS when requiring user authentication in WebUI - Development

11 Oct 2017

Force TLS _and_ a valid login when accessing protected directories.
Signed-off-by: Peter Müller peter.mueller@link38.eu
---

diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index e9ad26a96..816b9e637 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -23,7 +23,10 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
     </DirectoryMatch>
     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
     <Directory /srv/web/ipfire/cgi-bin>
@@ -32,7 +35,10 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
         <Files chpasswd.cgi>
             Require all granted
         </Files>
@@ -74,6 +80,9 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
     </Directory>
 </VirtualHost>

    