Redirect to the FQDN otherwise kerberos auth may fail

author: Rob Crittenden <rcritten@redhat.com> 2007-11-12 14:47:48 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2007-11-12 14:47:48 -0500
commit: 547e6e920e13a312813b21b62091051424bafacb (patch)
tree: 4817b4278aeb98251b2fb62b5213d6b62ee1e170 /ipa-server
parent: e1ca8c235c5bdd9001c2bbabaded1f1773196eca (diff)
download: freeipa-547e6e920e13a312813b21b62091051424bafacb.tar.gz
freeipa-547e6e920e13a312813b21b62091051424bafacb.tar.xz
freeipa-547e6e920e13a312813b21b62091051424bafacb.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index 2931b86dd..fbf26b67c 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -2,12 +2,18 @@
 
 ProxyRequests Off
 
-# Make all requests use SSL except for Kerberos authentication errors
 RewriteEngine on
 
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+RewriteCond %{HTTP_HOST}    !^$FQDN$$ [NC]
+RewriteRule ^/(.*)          http://$FQDN/$$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
 RewriteCond %{SERVER_PORT}  !^443$$
 RewriteCond %{REQUEST_URI}  !^/(errors|config)/
-RewriteRule ^/(.*)          https://%{SERVER_NAME}/$$1 [L,R,NC]
+RewriteRule ^/(.*)          https://$FQDN/$$1 [L,R=301,NC]
 
 <Proxy *>
   AuthType Kerberos
author	Rob Crittenden <rcritten@redhat.com>	2007-11-12 14:47:48 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2007-11-12 14:47:48 -0500
commit	547e6e920e13a312813b21b62091051424bafacb (patch)
tree	4817b4278aeb98251b2fb62b5213d6b62ee1e170 /ipa-server
parent	e1ca8c235c5bdd9001c2bbabaded1f1773196eca (diff)
download	freeipa-547e6e920e13a312813b21b62091051424bafacb.tar.gz freeipa-547e6e920e13a312813b21b62091051424bafacb.tar.xz freeipa-547e6e920e13a312813b21b62091051424bafacb.zip