First Last Prev Next    This bug is not in your last search results.
Bug 25647 - Zwangsumleitung auf SSL-gesicherte Seite ermöglichen
Zwangsumleitung auf SSL-gesicherte Seite ermöglichen
Status: CLOSED DUPLICATE of bug 38016
Product: UCS
Classification: Unclassified
Component: Apache
UCS 3.0
Other Linux
: P5 minor (vote)
: UCS 3.x
Assigned To: Bugzilla Mailingliste
:
: 14844 36103 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-30 21:04 CET by Jan Christoph Ebersbach
Modified: 2023-03-25 06:49 CET (History)
8 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback, Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Christoph Ebersbach univentionstaff 2011-12-30 21:04:28 CET 
UCS sollte die Zwangsumleitung von Anfragen auf die SSL-gesicherte Seite per UCR-Variable ermöglichen. Folgende Einstellungen sind dafür in die Datei /etc/apache2/sites-available/default einzufügen:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Comment 1 Jan Christoph Ebersbach univentionstaff 2013-12-06 10:36:57 CET 
*** Bug 14844 has been marked as a duplicate of this bug. ***
Comment 2 Jan Christoph Ebersbach univentionstaff 2014-10-09 08:43:46 CEST 
*** Bug 36103 has been marked as a duplicate of this bug. ***
Comment 3 Dirk Ahrnke 2014-10-18 09:25:19 CEST 
Given that more and more deployments may be seen outside internal networks, this enhancement might help to increase security.
In a second step it should be checked if it is possible to enable it by default.
Comment 4 Janis Meybohm univentionstaff 2014-10-24 09:47:38 CEST 
Requested again via 2014102321000202
Comment 5 Tobias Birkefeld univentionstaff 2015-06-29 16:16:47 CEST 

*** This bug has been marked as a duplicate of bug 38016 ***
Comment 6 Florian Best univentionstaff 2015-06-30 17:28:40 CEST 
yes, duplicate.

(In reply to Dirk Ahrnke from comment #3)
> Given that more and more deployments may be seen outside internal networks,
> this enhancement might help to increase security.
> In a second step it should be checked if it is possible to enable it by
> default.
Well, it has some disadvantages described in Bug #38016 comment 1.
First Last Prev Next    This bug is not in your last search results.