diff options
author | Rob Crittenden <rcritten@redhat.com> | 2007-10-19 10:14:30 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-10-19 10:14:30 -0400 |
commit | ba0adcffb1a12b1aedc982c801268f5d9556c835 (patch) | |
tree | 39483d503eab5d3d43affcba206db84e3d1b1f06 /ipa-server/xmlrpc-server | |
parent | 086193af0a375908b619116ca80de6dc4410d1a2 (diff) | |
download | freeipa-ba0adcffb1a12b1aedc982c801268f5d9556c835.tar.gz freeipa-ba0adcffb1a12b1aedc982c801268f5d9556c835.tar.xz freeipa-ba0adcffb1a12b1aedc982c801268f5d9556c835.zip |
Require SSL for the XML-RPC interface
Diffstat (limited to 'ipa-server/xmlrpc-server')
-rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 359fe2233..2f9c82e06 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -2,6 +2,13 @@ ProxyRequests Off +# Make all requests use SSL except for Kerberos authentication errors +RewriteEngine on + +RewriteCond %{SERVER_PORT} !^443$$ +RewriteCond %{REQUEST_URI} !^/(errors)/ +RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC] + <Proxy *> AuthType Kerberos AuthName "Kerberos Login" |