Bug 25647

Summary: Allow forced redirection to the SSL-secured site
Product: UCS
Reporter: Jan Christoph Ebersbach <ebersbach>
Component: Apache
Assignee: Bugzilla Mailingliste <bugzilla>
Status: CLOSED DUPLICATE
QA Contact:
Severity: minor
Priority: P5
CC: best, birkefeld, da, gohmann, grandjean, hahn, meybohm, petersen
Version: UCS 3.0   
Target Milestone: UCS 3.x   
Hardware: Other   
OS: Linux   
See Also: http://forge.univention.org/bugzilla/show_bug.cgi?id=38016
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback, Security
Max CVSS v3 score:

Description Jan Christoph Ebersbach univentionstaff 2011-12-30 21:04:28 CET
UCS should make it possible to force redirection of requests to the SSL-secured site via a UCR variable. To do this, the following settings have to be added to the file /etc/apache2/sites-available/default:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
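
A variant of the redirect proposed in the description, as an added example that is not part of the bug report or of UCS: it sets the redirect flags explicitly and uses a fixed host name, so the redirect target does not depend on the client-supplied Host header. The host name ucs.example.com and the port-80 virtual host wrapper are assumptions.

```apache
# Added example; ucs.example.com is a placeholder for the server's canonical name.
<VirtualHost *:80>
    ServerName ucs.example.com

    RewriteEngine On

    # Act only on requests that arrived without TLS.
    RewriteCond %{HTTPS} off

    # As proposed in the description (target host taken from the request's
    # Host header, no explicit flags):
    #   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    # Variant with a fixed target host:
    #   ^      matches every request without capturing anything
    #   R=301  sends an explicit permanent redirect to the client
    #   L      stops processing further rewrite rules for this request
    # The query string of the original request is appended automatically.
    RewriteRule ^ https://ucs.example.com%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

The redirect only applies after the client has already sent its first request over plain HTTP, so anything in that request (URL, cookies without the Secure attribute) has still crossed the network unencrypted.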
Comment 1 Jan Christoph Ebersbach univentionstaff 2013-12-06 10:36:57 CET
*** Bug 14844 has been marked as a duplicate of this bug. ***
Comment 2 Jan Christoph Ebersbach univentionstaff 2014-10-09 08:43:46 CEST
*** Bug 36103 has been marked as a duplicate of this bug. ***
Comment 3 Dirk Ahrnke 2014-10-18 09:25:19 CEST
Given that more and more deployments may be seen outside internal networks, this enhancement might help to increase security.
In a second step it should be checked if it is possible to enable it by default.
Comment 4 Janis Meybohm univentionstaff 2014-10-24 09:47:38 CEST
Requested again via 2014102321000202
Comment 5 Tobias Birkefeld univentionstaff 2015-06-29 16:16:47 CEST

*** This bug has been marked as a duplicate of bug 38016 ***
Comment 6 Florian Best univentionstaff 2015-06-30 17:28:40 CEST
yes, duplicate.

(In reply to Dirk Ahrnke from comment #3)
> Given that more and more deployments may be seen outside internal networks,
> this enhancement might help to increase security.
> In a second step it should be checked if it is possible to enable it by
> default.
Well, it has some disadvantages described in Bug #38016 comment 1.