webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-18 23:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,120 Commits 2 Branches 1 Tag
c484679bb3ea4672bf34ba3fd1d5d7596f00a11a
Commit Graph

62 Commits

Author SHA1 Message Date
Peter Müller
50846453cb also force TLS when requiring user authentication in WebUI 
Force TLS _and_ a valid login when accessing protected directories.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:06:27 +01:00
Peter Müller
73ba228620 enable dual-stack ECDSA and RSA certificates in Apache 
Note: Apache crashes if any of these files does not exist. Thereof it
is necessary to generate missing keys on existing installations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:37 +01:00
Peter Müller
f227ae4fd2 prefer ECDSA over RSA and remove clutter 
Priorize ECDSA before RSA and remove unused cipher suites.
Remove redundant OpenSSL directives to make SSL configuration more readable.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:16 +01:00
Peter Müller
b0b4d09c56 remove unused dial.cgi directives from Apache vhosts config 
Remove configuration lines in Apache vhosts files which
are not used anymore (old dial.cgi stuff).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 11:12:00 +01:00
Michael Tremer
fb96829a74 captive: Update configuration for Apache 2.4 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:34:29 +01:00
Michael Tremer
1d68e28753 captive: Do not try to execute the favicon 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
78148cc1e5 captive: Run apache in HTTP/1.0 mode 
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Tested-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
9b6227cc2a captive: Let apache follow symlinks to load bootstrap 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
0a02d9bb0c captive-portal: Move CGI files to CGI directory 
Previously the assets directory has ExecCGI privileges
which is not at all required and potentially dangerous.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
4ddf453804 captive: Reindent apache configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
a79b220c5a captive: Log into default apache log files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
8b92078917 Captive-Portal: add web-part 
Introduce new Captive-Portal.
Here we add the menu, apache configuration (vhost), IPFire configuration
website and Captive-Portal Access site. Also the languagefiles are
updated.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Wolfgang Apolinarski
d41fe99f74 Update to apache 2.4.27 
- Updated to apache 2.4
- Updated the htpasswd generation to use the more secure bcrypt algorithm

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:40:20 +01:00
Peter Müller
0effbb3569 fix WebUI system information leak 
Disable unauthenticated access to cgi-bin/credits.cgi. The page
leaks the currently installed version of IPFire and the hardware
architecture.

Both information might make a successful attack much easier.

This issue can be reproduced by accessing https://[IPFire-IP]:444/cgi-bin/credits.cgi
and accepting a SSL certificate warning (if any).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:25:23 +01:00
Michael Tremer
ba2247a4b2 apache only supports MaxClients up to 256 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-04 18:59:44 +01:00
Michael Tremer
c016773b98 apache: Allow more processes/connections as the same time 
In large networks, when ever multiple clients connect at the
same time and request the proxy.pac configuration file, apache
rate-limited requests so that some clients did not get a response
and therefore could not connect to the Internet.

This allows apache to handle more connections at the same time.

Suggested-by: Thoralf Söldenwagner <soeldenwagner@brecht-schule.hamburg>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-02-28 11:32:08 +00:00
Michael Tremer
3b7d73d1d4 Fix potential HTTPoxy vulnerability 
https://httpoxy.org/

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-07-19 15:02:16 +01:00
Michael Tremer
afdf148388 Split web-user-interface from apache2 LFS file 
It is completely unnecssary to have this in one file
and using options for the LFS is more of a hack than
a solution.
 2015-05-05 14:00:20 +02:00
Michael Tremer
261121f1df Remove some left-over files 2015-03-18 15:18:56 +01:00
Michael Tremer
becbf67de7 apache: Do not show loaded modules 
The server header will show less information about the
modules of the apache daemon.

Fixes #10671
 2015-03-11 15:42:08 +01:00
Michael Tremer
a7006325c0 apache: Disable SSLv3 by default for the IPFire webinterface 2014-10-15 22:55:26 +02:00
Michael Tremer
69776cc42f apache: Update cipher suite that is used for the web user interface. 
Taken from here with exception of RC4.
  https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
 2014-02-26 15:01:29 +01:00
Michael Tremer
f87161948c apache: Allow accessing sarg reports for admins. 2012-11-26 11:19:51 +01:00
Christian Schmidt
7b9fe2c864 apache: Tuning max spare servers to 10, this should speed up webinterface and updx. 2011-05-23 07:07:13 +02:00
Arne Fitzenreiter
3ae6726a8e Fix ssl-global.conf (settings was ignored). 2011-01-26 17:41:15 +01:00
Christian Schmidt
a4c7687980 Even if the ssl may never be used for this, the entry should be correct. 2010-06-21 22:42:08 +02:00
Christian Schmidt
7e62048742 Added urlrepo for local file redirection to httpd alias. 2010-06-21 21:03:20 +02:00
Arne Fitzenreiter
0bc58278b9 Fix update acclerator file download at webif. 
bug #0000667
 2010-06-21 20:45:33 +02:00
Arne Fitzenreiter
5af32f5c8c Add wpad.dat alias that point to proxy.pac. 2010-06-03 21:27:24 +02:00
Christian Schmidt
e9007fefa0 Fixed url filter repository for local redirects. 
This fixes bug #0000613
 2010-04-11 09:07:13 +02:00
Peter Pfeiffer
e2e23c306b last changes for Nagios (now on port 1008) 2009-03-24 21:54:50 +01:00
maniacikarus
128c258976 Forgotten the webconf 2009-03-14 15:06:33 +01:00
maniacikarus
ae882c0017 This should make nagios more ipfire-like 2009-03-14 15:05:17 +01:00
Peter Pfeiffer
6e17c7df06 Nagios addon install.sh with vhost Port 1007 added 2009-03-14 14:00:46 +01:00
Peter Pfeiffer
2b11cc8648 Modified config default-server.conf for nagios. 2009-03-10 12:39:10 +01:00
Arne Fitzenreiter
96a44fe5cb Removed mod_perl 2008-06-21 06:18:30 +02:00
Arne Fitzenreiter
6efa15b826 Fix Loadmodule mod_perl.so 
Add mod_perl config updater
 2008-06-14 17:27:32 +02:00
Arne Fitzenreiter
e4d854551f Esniper use https now, added esniper backup include 2008-06-03 22:51:12 +02:00
Michael Tremer
810a7ea2f2 Imported mod_perl by xpapa. 2008-05-22 12:09:57 +02:00
Michael Tremer
d115df8992 Added esniper. 2008-05-13 21:54:06 +02:00
maniacikarus
381f2e7111 Moved updbooster cache files to a larger partition 
Added changes to the first core update to avoid full root partitions


git-svn-id: http://svn.ipfire.org/svn/ipfire/branches/2.1/trunk@1113 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-12-02 10:15:52 +00:00
ms
6bb1416205 Typo in compilation commands of postfix. 
Now it works together with cyrus sasl!


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1045 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-11-01 14:18:27 +00:00
ms
6f10c6a17d Three little fixes... 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1019 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-10-28 14:24:48 +00:00
ms
71f264054e PHP is not existing at the beginning. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1013 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-10-27 21:39:23 +00:00
ms
58493e1ef0 Openmailadmin integriert. 
Webcyradm ist dagegen rausgefallen.
vhosts fuer openmailadmin und phpaj gemacht.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@891 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-09-15 18:18:23 +00:00
maniacikarus
ca9f21de73 Ohne Webinterface is doof 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@880 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-09-08 12:30:48 +00:00
ms
71ec207479 Php5-Konfuguration im Apache angepasst. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@869 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-09-01 10:03:25 +00:00
ms
51f3b7f5af QoS-Graphen wieder eingebaut. 
usbutils und which Paket gemacht.
unbenoetigte Apache-Module werden nicht geladen.
Net-SSLeay gefixt - DynDNS braucht das.
Alsa-Module werden geladen.
Java-paket verkleinert.
Sambactrl gefixt.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@652 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-06-30 17:21:34 +00:00
ms
d733119b38 Alle htdocs nach /srv/web verschoben... 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@363 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2006-12-13 19:56:41 +00:00
ms
231048413c Starte SSH-Server beim Boot. 
Starte Cron-Server beim Boot.
Apache bearbeitet.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@357 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2006-12-05 21:57:32 +00:00