diff options
Diffstat (limited to 'ipa-server/xmlrpc-server')
-rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 2931b86dd..fbf26b67c 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -2,12 +2,18 @@ ProxyRequests Off -# Make all requests use SSL except for Kerberos authentication errors RewriteEngine on +# Redirect to the fully-qualified hostname. Not redirecting to secure +# port so configuration files can be retrieved without requiring SSL. +RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC] +RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301] + +# Redirect to the secure port if not displaying an error or retrieving +# configuration. RewriteCond %{SERVER_PORT} !^443$$ RewriteCond %{REQUEST_URI} !^/(errors|config)/ -RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC] +RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC] <Proxy *> AuthType Kerberos |