summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2007-10-19 10:14:30 -0400
committerRob Crittenden <rcritten@redhat.com>2007-10-19 10:14:30 -0400
commitba0adcffb1a12b1aedc982c801268f5d9556c835 (patch)
tree39483d503eab5d3d43affcba206db84e3d1b1f06 /ipa-server/xmlrpc-server
parent086193af0a375908b619116ca80de6dc4410d1a2 (diff)
downloadfreeipa-ba0adcffb1a12b1aedc982c801268f5d9556c835.tar.gz
freeipa-ba0adcffb1a12b1aedc982c801268f5d9556c835.tar.xz
freeipa-ba0adcffb1a12b1aedc982c801268f5d9556c835.zip
Require SSL for the XML-RPC interface
Diffstat (limited to 'ipa-server/xmlrpc-server')
-rw-r--r--ipa-server/xmlrpc-server/ipa.conf7
1 files changed, 7 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index 359fe2233..2f9c82e06 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -2,6 +2,13 @@
ProxyRequests Off
+# Make all requests use SSL except for Kerberos authentication errors
+RewriteEngine on
+
+RewriteCond %{SERVER_PORT} !^443$$
+RewriteCond %{REQUEST_URI} !^/(errors)/
+RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
+
<Proxy *>
AuthType Kerberos
AuthName "Kerberos Login"