diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2008-02-21 16:25:09 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2008-02-21 16:25:09 -0500 |
| commit | 49148dc34a5fbd40f8e500e59691cea1600c9a86 (patch) | |
| tree | 5c9f12194f7a5e1594e643609de89e0cb4a38561 /ipa-server/xmlrpc-server | |
| parent | 84d1e08d7651d04fffc68d8e25f2568879840ae1 (diff) | |
| download | freeipa-49148dc34a5fbd40f8e500e59691cea1600c9a86.tar.gz freeipa-49148dc34a5fbd40f8e500e59691cea1600c9a86.tar.xz freeipa-49148dc34a5fbd40f8e500e59691cea1600c9a86.zip | |
Redirect users when they don't use the FQDN on both SSL and non-SSL ports
We update the mod_nss configuration (nss.conf) during installation to include
ipa-rewrite.conf to handle the SSL side.
433054
Diffstat (limited to 'ipa-server/xmlrpc-server')
| -rw-r--r-- | ipa-server/xmlrpc-server/Makefile.am | 1 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa-rewrite.conf | 12 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 13 |
3 files changed, 14 insertions, 12 deletions
diff --git a/ipa-server/xmlrpc-server/Makefile.am b/ipa-server/xmlrpc-server/Makefile.am index cf1420197..49457ba4c 100644 --- a/ipa-server/xmlrpc-server/Makefile.am +++ b/ipa-server/xmlrpc-server/Makefile.am @@ -24,6 +24,7 @@ server_PYTHON = \ appdir = $(IPA_DATA_DIR) app_DATA = \ ipa.conf \ + ipa-rewrite.conf \ $(NULL) EXTRA_DIST = \ diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf new file mode 100644 index 000000000..977be7398 --- /dev/null +++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf @@ -0,0 +1,12 @@ +RewriteEngine on + +# Redirect to the fully-qualified hostname. Not redirecting to secure +# port so configuration files can be retrieved without requiring SSL. +RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC] +RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301] + +# Redirect to the secure port if not displaying an error or retrieving +# configuration. +RewriteCond %{SERVER_PORT} !^443$$ +RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico) +RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC] diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 4e8bf528f..10c9b5ec2 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -2,18 +2,7 @@ ProxyRequests Off -RewriteEngine on - -# Redirect to the fully-qualified hostname. Not redirecting to secure -# port so configuration files can be retrieved without requiring SSL. -RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC] -RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301] - -# Redirect to the secure port if not displaying an error or retrieving -# configuration. -RewriteCond %{SERVER_PORT} !^443$$ -RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico) -RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC] +# ipa-rewrite.conf is loaded separately # This is required so the auto-configuration works with Firefox 2+ AddType application/java-archive jar |