redirect to TLS WebUI if authorisation required
Commit Message
Do not allow credentials being submitted in plaintext to Apache.
Instead, redirect the user with a 301 to the TLS version of IPFire's
web interface.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++----------------
1 file changed, 8 insertions(+), 16 deletions(-)
@@ -12,25 +12,17 @@
Require all granted
</Directory>
<DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
+ Options SymLinksIfOwnerMatch
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</DirectoryMatch>
ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
<Directory /srv/web/ipfire/cgi-bin>
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
- <Files chpasswd.cgi>
- Require all granted
- </Files>
- <Files webaccess.cgi>
- Require all granted
- </Files>
+ Options SymLinksIfOwnerMatch
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</Directory>
Alias /updatecache/ /var/updatecache/
<Directory /var/updatecache>