From 6c6c1e3f043b7c4e99fabb6e92fce226089392af Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Tue, 17 Oct 2017 19:49:07 +0200 Subject: [PATCH] redirect to TLS WebUI if authorisation required MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface. Signed-off-by: Peter Müller Signed-off-by: Michael Tremer --- config/httpd/vhosts.d/ipfire-interface.conf | 24 +++++++-------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index 27fd25a95a..be15cd041c 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -12,25 +12,17 @@ Require all granted - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - - Require all granted - - - Require all granted - + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L] Alias /updatecache/ /var/updatecache/ -- 2.39.5