also force TLS when requiring user authentication in WebUI
authorPeter Müller <peter.mueller@link38.eu>
Wed, 11 Oct 2017 16:30:50 +0000 (18:30 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 11 Oct 2017 19:06:27 +0000 (20:06 +0100)
Force TLS _and_ a valid login when accessing protected directories.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/httpd/vhosts.d/ipfire-interface-ssl.conf

index 42f5939..c9ccd5b 100644 (file)
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
     </DirectoryMatch>
     ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
     <Directory /srv/web/ipfire/cgi-bin>
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
         <Files chpasswd.cgi>
             Require all granted
         </Files>
@@ -76,6 +82,9 @@
         AuthName "IPFire - Restricted"
         AuthType Basic
         AuthUserFile /var/ipfire/auth/users
-        Require user admin
+        <RequireAll>
+            Require user admin
+            Require ssl
+        </RequireAll>
     </Directory>
 </VirtualHost>