remove unused directories from Apache vhost configs
Commit Message
Remove unused vhost configuration directives.
They are related to "dial.cgi" and /cgi-bin/dial/, which
both do not exist in IPFire.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
Comments
Hi,
this patch doesn't apply against next?
Could you please rebase it?
On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
> Remove unused vhost configuration directives.
>
> They are related to "dial.cgi" and /cgi-bin/dial/, which
> both do not exist in IPFire.
>
> Signed-off-by: Peter Müller <peter.mueller@link38.eu>
> ---
> diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> index bec0d580b..eef2d45e2 100644
> --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> @@ -45,29 +45,12 @@
> <Files webaccess.cgi>
> Require all granted
> </Files>
> - <Files dial.cgi>
> - <RequireAll>
> - Require user admin
> - Require ssl
I think that line doesn't exist in next.
> - </RequireAll>
> - </Files>
> - </Directory>
> - <Directory /srv/web/ipfire/cgi-bin/dial>
> - AllowOverride None
> - Options None
> - AuthName "IPFire - Restricted"
> - AuthType Basic
> - AuthUserFile /var/ipfire/auth/users
> - <RequireAll>
> - Require user admin dial
> - Require ssl
> - </RequireAll>
> </Directory>
> <Files ~ "\.(cgi|shtml?)$">
> - SSLOptions +StdEnvVars
> + SSLOptions +StdEnvVars
Indentation has also changed here.
> </Files>
> <Directory /srv/web/ipfire/cgi-bin>
> - SSLOptions +StdEnvVars
> + SSLOptions +StdEnvVars
And here.
> </Directory>
> SetEnv HOME /home/nobody
> SetEnvIf User-Agent ".*MSIE.*" \
> diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> b/config/httpd/vhosts.d/ipfire-interface.conf
> index a0537b392..57cf8ba17 100644
> --- a/config/httpd/vhosts.d/ipfire-interface.conf
> +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> @@ -25,13 +25,6 @@
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> </Directory>
> - <Directory /srv/web/ipfire/cgi-bin/dial>
> - AllowOverride None
> - Options SymLinksIfOwnerMatch
> - RewriteEngine on
> - RewriteCond %{HTTPS} off
> - RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> - </Directory>
> Alias /updatecache/ /var/updatecache/
> <Directory /var/updatecache>
> Options ExecCGI
-Michael
Hello Michael,
thanks for the hint.
> Hi,
>
> this patch doesn't apply against next?
>
> Could you please rebase it?
Yes, sent in the patch a few seconds ago.
(I included both deleting unused directory configs and forcing
TLS for authentications. Of course, one should always split his/her
patches, but with these small changes, it does not make sense to me.)
>
> On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
> > Remove unused vhost configuration directives.
> >
> > They are related to "dial.cgi" and /cgi-bin/dial/, which
> > both do not exist in IPFire.
> >
> > Signed-off-by: Peter Müller <peter.mueller@link38.eu>
> > ---
> > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > index bec0d580b..eef2d45e2 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > @@ -45,29 +45,12 @@
> > <Files webaccess.cgi>
> > Require all granted
> > </Files>
> > - <Files dial.cgi>
> > - <RequireAll>
> > - Require user admin
> > - Require ssl
>
> I think that line doesn't exist in next.
Yes, it was from the old "[v2] force transport encryption for WebUI logins"-patch.
>
> > - </RequireAll>
> > - </Files>
> > - </Directory>
> > - <Directory /srv/web/ipfire/cgi-bin/dial>
> > - AllowOverride None
> > - Options None
> > - AuthName "IPFire - Restricted"
> > - AuthType Basic
> > - AuthUserFile /var/ipfire/auth/users
> > - <RequireAll>
> > - Require user admin dial
> > - Require ssl
> > - </RequireAll>
> > </Directory>
> > <Files ~ "\.(cgi|shtml?)$">
> > - SSLOptions +StdEnvVars
> > + SSLOptions +StdEnvVars
>
> Indentation has also changed here.
I see.
The new combined patch should work now. :-)
Best regards,
Peter Müller
>
> > </Files>
> > <Directory /srv/web/ipfire/cgi-bin>
> > - SSLOptions +StdEnvVars
> > + SSLOptions +StdEnvVars
>
> And here.
>
> > </Directory>
> > SetEnv HOME /home/nobody
> > SetEnvIf User-Agent ".*MSIE.*" \
> > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> > b/config/httpd/vhosts.d/ipfire-interface.conf
> > index a0537b392..57cf8ba17 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> > @@ -25,13 +25,6 @@
> > RewriteCond %{HTTPS} off
> > RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > </Directory>
> > - <Directory /srv/web/ipfire/cgi-bin/dial>
> > - AllowOverride None
> > - Options SymLinksIfOwnerMatch
> > - RewriteEngine on
> > - RewriteCond %{HTTPS} off
> > - RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > - </Directory>
> > Alias /updatecache/ /var/updatecache/
> > <Directory /var/updatecache>
> > Options ExecCGI
>
> -Michael
Hi,
On Mon, 2017-10-09 at 22:24 +0200, Peter Müller wrote:
> Hello Michael,
>
> thanks for the hint.
>
> > Hi,
> >
> > this patch doesn't apply against next?
> >
> > Could you please rebase it?
>
> Yes, sent in the patch a few seconds ago.
>
> (I included both deleting unused directory configs and forcing
> TLS for authentications. Of course, one should always split his/her
> patches, but with these small changes, it does not make sense to me.)
You guessed right. And it does make sense :)
> >
> > On Mon, 2017-09-25 at 17:59 +0200, Peter Müller wrote:
> > > Remove unused vhost configuration directives.
> > >
> > > They are related to "dial.cgi" and /cgi-bin/dial/, which
> > > both do not exist in IPFire.
> > >
> > > Signed-off-by: Peter Müller <peter.mueller@link38.eu>
> > > ---
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > index bec0d580b..eef2d45e2 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > @@ -45,29 +45,12 @@
> > > <Files webaccess.cgi>
> > > Require all granted
> > > </Files>
> > > - <Files dial.cgi>
> > > - <RequireAll>
> > > - Require user admin
> > > - Require ssl
> >
> > I think that line doesn't exist in next.
>
> Yes, it was from the old "[v2] force transport encryption for WebUI logins"-
> patch.
The best way would be to have a patchset then with all of them in it. Or just
submit one after the other. Up to you.
> >
> > > - </RequireAll>
> > > - </Files>
> > > - </Directory>
> > > - <Directory /srv/web/ipfire/cgi-bin/dial>
> > > - AllowOverride None
> > > - Options None
> > > - AuthName "IPFire - Restricted"
> > > - AuthType Basic
> > > - AuthUserFile /var/ipfire/auth/users
> > > - <RequireAll>
> > > - Require user admin dial
> > > - Require ssl
> > > - </RequireAll>
> > > </Directory>
> > > <Files ~ "\.(cgi|shtml?)$">
> > > - SSLOptions +StdEnvVars
> > > + SSLOptions +StdEnvVars
> >
> > Indentation has also changed here.
>
> I see.
>
> The new combined patch should work now. :-)
>
> Best regards,
> Peter Müller
> >
> > > </Files>
> > > <Directory /srv/web/ipfire/cgi-bin>
> > > - SSLOptions +StdEnvVars
> > > + SSLOptions +StdEnvVars
> >
> > And here.
> >
> > > </Directory>
> > > SetEnv HOME /home/nobody
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> > > b/config/httpd/vhosts.d/ipfire-interface.conf
> > > index a0537b392..57cf8ba17 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> > > @@ -25,13 +25,6 @@
> > > RewriteCond %{HTTPS} off
> > > RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > > </Directory>
> > > - <Directory /srv/web/ipfire/cgi-bin/dial>
> > > - AllowOverride None
> > > - Options SymLinksIfOwnerMatch
> > > - RewriteEngine on
> > > - RewriteCond %{HTTPS} off
> > > - RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> > > - </Directory>
> > > Alias /updatecache/ /var/updatecache/
> > > <Directory /var/updatecache>
> > > Options ExecCGI
> >
> > -Michael
>
>
-Michael
@@ -45,29 +45,12 @@
<Files webaccess.cgi>
Require all granted
</Files>
- <Files dial.cgi>
- <RequireAll>
- Require user admin
- Require ssl
- </RequireAll>
- </Files>
- </Directory>
- <Directory /srv/web/ipfire/cgi-bin/dial>
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- <RequireAll>
- Require user admin dial
- Require ssl
- </RequireAll>
</Directory>
<Files ~ "\.(cgi|shtml?)$">
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
</Files>
<Directory /srv/web/ipfire/cgi-bin>
- SSLOptions +StdEnvVars
+ SSLOptions +StdEnvVars
</Directory>
SetEnv HOME /home/nobody
SetEnvIf User-Agent ".*MSIE.*" \
@@ -25,13 +25,6 @@
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</Directory>
- <Directory /srv/web/ipfire/cgi-bin/dial>
- AllowOverride None
- Options SymLinksIfOwnerMatch
- RewriteEngine on
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
- </Directory>
Alias /updatecache/ /var/updatecache/
<Directory /var/updatecache>
Options ExecCGI