redirect to TLS WebUI if authorisation required
Commit Message
Do not allow credentials being submitted in plaintext to Apache.
Instead, redirect the user with a 301 to the TLS version of IPFire's
web interface.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
Comments
Hi,
I get the following message from Git:
[root@rice-oxley ipfire-2.x]# pwclient git-am -s 1450
Applying patch #1450 using 'git am -s'
Description: redirect to TLS WebUI if authorisation required
Applying: redirect to TLS WebUI if authorisation required
error: corrupt patch at line 41
Patch failed at 0001 redirect to TLS WebUI if authorisation required
The copy of the patch that failed is found in: .git/rebase-apply/patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
'git am' failed with exit status 128
Any idea why it might be corrupted?
-Michael
On Tue, 2017-10-10 at 15:35 +0200, Peter Müller wrote:
> Do not allow credentials being submitted in plaintext to Apache.
> Instead, redirect the user with a 301 to the TLS version of IPFire's
> web interface.
>
> Signed-off-by: Peter Müller <peter.mueller@link38.eu>
> ---
> diff --git a/config/httpd/vhosts.d/ipfire-interface.conf
> b/config/httpd/vhosts.d/ipfire-interface.conf
> index 619f90fcc..41d10c874 100644
> --- a/config/httpd/vhosts.d/ipfire-interface.conf
> +++ b/config/httpd/vhosts.d/ipfire-interface.conf
> @@ -12,36 +12,17 @@
> Require all granted
> </Directory>
> <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
> - AuthName "IPFire - Restricted"
> - AuthType Basic
> - AuthUserFile /var/ipfire/auth/users
> - Require user admin
> + Options SymLinksIfOwnerMatch
> + RewriteEngine on
> + RewriteCond %{HTTPS} off
> + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> </DirectoryMatch>
> ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
> <Directory /srv/web/ipfire/cgi-bin>
> - AllowOverride None
> - Options None
> - AuthName "IPFire - Restricted"
> - AuthType Basic
> - AuthUserFile /var/ipfire/auth/users
> - Require user admin
> - <Files chpasswd.cgi>
> - Require all granted
> - </Files>
> - <Files webaccess.cgi>
> - Require all granted
> - </Files>
> - </Directory>
> + Options SymLinksIfOwnerMatch
> + RewriteEngine on
> + RewriteCond %{HTTPS} off
> + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
> </Directory>
> Alias /updatecache/ /var/updatecache/
> <Directory /var/updatecache>
@@ -12,36 +12,17 @@
Require all granted
</Directory>
<DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
+ Options SymLinksIfOwnerMatch
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</DirectoryMatch>
ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
<Directory /srv/web/ipfire/cgi-bin>
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
- <Files chpasswd.cgi>
- Require all granted
- </Files>
- <Files webaccess.cgi>
- Require all granted
- </Files>
- </Directory>
+ Options SymLinksIfOwnerMatch
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</Directory>
Alias /updatecache/ /var/updatecache/
<Directory /var/updatecache>