This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core115 has been updated via 6c6c1e3f043b7c4e99fabb6e92fce226089392af (commit) via 348ba8e2c54db7608ca9c2584c4c14b3466e6fbb (commit) via 9dcfcb003985d3296473aee9032a324bba9d94dc (commit) via 77ad762c430761bbf2d4be03bf2836d99685359d (commit) from 5fd54721c2275def506ac54cc2e4e810f57fa491 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 6c6c1e3f043b7c4e99fabb6e92fce226089392af Author: Peter Müller peter.mueller@link38.eu Date: Tue Oct 17 19:49:07 2017 +0200
redirect to TLS WebUI if authorisation required
Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface.
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++---------------- lfs/Config | 2 +- lfs/cdrom | 2 +- 3 files changed, 10 insertions(+), 18 deletions(-)
Difference in files: diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index 27fd25a..be15cd0 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -12,25 +12,17 @@ Require all granted </Directory> <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%%7BSERVER_NAME%7D:444/$1 [R=301,L] </DirectoryMatch> ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ <Directory /srv/web/ipfire/cgi-bin> - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - <Files chpasswd.cgi> - Require all granted - </Files> - <Files webaccess.cgi> - Require all granted - </Files> + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%%7BSERVER_NAME%7D:444/$1 [R=301,L] </Directory> Alias /updatecache/ /var/updatecache/ <Directory /var/updatecache> diff --git a/lfs/Config b/lfs/Config index d2ac8e4..1077f25 100644 --- a/lfs/Config +++ b/lfs/Config @@ -204,7 +204,7 @@ define PAK tar xf /install/packages/package/files.tmp -C /install/packages/package/tmp/ \ -p --numeric-owner rm -f /install/packages/package/files.tmp - cd /install/packages/package/tmp/ && XZ_OPT="-T0 --best" tar -c -p --numeric-owner -J -f /install/packages/package/files.tar.xz * + cd /install/packages/package/tmp/ && XZ_OPT=-T0 tar -c -p --numeric-owner -J -f /install/packages/package/files.tar.xz * rm -r /install/packages/package/tmp -cat /install/packages/package/ROOTFILES | grep -v "#" > /install/packages/package/ROOTFILES.tmp mv /install/packages/package/ROOTFILES.tmp /install/packages/package/ROOTFILES diff --git a/lfs/cdrom b/lfs/cdrom index 2f15103..7a7fff1 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -36,7 +36,7 @@ else endif
# Enable multi-threaded compression for LZMA -export XZ_OPT = --threads=0 --best +export XZ_OPT = --threads=0
############################################################################### # Top-level Rules
hooks/post-receive -- IPFire 2.x development tree