version 1.48, 2020/01/04 18:03:16
|
version 1.52, 2020/02/17 13:44:12
|
Line 197 else {
|
Line 197 else {
|
'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off. |
'of requests for http:// to https:// '."\n".'or:'."\n".$rewrite_off. |
' - the file used to disable such rewriting'."\n\n". |
' - the file used to disable such rewriting'."\n\n". |
'This may be because '. $curr_rewrite.' has been '. |
'This may be because '. $curr_rewrite.' has been '. |
'previously customized,'."\n".' or it may be because of a change '. |
'previously customized,'."\n".'or it may be because of a change '. |
'to the files in '.$rewrite_dir."\n"); |
'to the files in '.$rewrite_dir."\n"); |
if (open(my $fh,'<',$curr_rewrite)) { |
if (open(my $fh,'<',$curr_rewrite)) { |
while(<$fh>) { |
while(<$fh>) { |
Line 219 else {
|
Line 219 else {
|
|| '<DIST />' eq 'sles9') { |
|| '<DIST />' eq 'sles9') { |
$ssldir = '/etc/apache/vhosts.d'; |
$ssldir = '/etc/apache/vhosts.d'; |
} elsif ('<DIST />' =~ /^(suse|sles)/) { |
} elsif ('<DIST />' =~ /^(suse|sles)/) { |
$ssldir = '/etc/apache2/vhosts.d'; |
$ssldir = '/etc/apache2/vhosts.d'; |
} elsif ('<DIST />' =~ /^(debian|ubuntu)/) { |
} elsif ('<DIST />' =~ /^(debian|ubuntu)/) { |
$ssldir = '/etc/apache2/sites-available'; |
$ssldir = '/etc/apache2/sites-available'; |
} else { |
} else { |
Line 227 else {
|
Line 227 else {
|
} |
} |
my $hostname = Sys::Hostname::FQDN::fqdn(); |
my $hostname = Sys::Hostname::FQDN::fqdn(); |
my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost'); |
my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost'); |
my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)', |
my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)', |
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', |
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)', |
'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]', |
'RewriteRule ^/adm/wrapper/ext/(?!https:) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]', |
'RewriteCond %{REMOTE_ADDR} 127.0.0.1', |
'RewriteCond %{REMOTE_ADDR} 127.0.0.1', |
'RewriteRule (.*) - [L]'); |
'RewriteRule (.*) - [L]'); |
if (($hostip ne '') && ($hostip ne '127.0.0.1')) { |
if (($hostip ne '') && ($hostip ne '127.0.0.1')) { |
Line 267 else {
|
Line 267 else {
|
} else { |
} else { |
chomp(); |
chomp(); |
s/^(\s+|\s+)$//g; |
s/^(\s+|\s+)$//g; |
push(@{$rewrites[$num]},$_); |
push(@{$rewrites[$num]},$_); |
} |
} |
} elsif (/^\s*<IfModule\s+mod_rewrite.c>/) { |
} elsif (/^\s*<IfModule\s+mod_rewrite.c>/) { |
$rewrite = 1; |
$rewrite = 1; |
Line 292 else {
|
Line 292 else {
|
} |
} |
} |
} |
if ($found >= @expected) { |
if ($found >= @expected) { |
$gotrules = 1; |
$gotrules = 1; |
} |
} |
} |
} |
} |
} |
} |
} |
} |
} |
unless ($gotrules) { |
unless ($gotrules) { |
print('**** WARNING **** '.$curr_rewrite.' is currently set so rewrites '. |
print('**** WARNING **** '."\n".$curr_rewrite.' is currently set so rewrites '. |
'of http to https are enabled for most URLs.'."\n". |
'of http to https are enabled for most URLs.'."\n". |
'It is recommended to also set rewrites from https to http '. |
'Unless your Apache configuration includes Strict-Transport-Security '. |
'in a file in '.$ssldir.' by including the following:'."\n". |
'(with max-age > 0), it is recommended to also set rewrites from https to http '. |
|
'for specific URLs in a file in '.$ssldir.' by including the following:'."\n". |
"<IfModule mod_rewrite.c>\n".' '. |
"<IfModule mod_rewrite.c>\n".' '. |
join("\n ",@expected)."\n". |
join("\n ",@expected)."\n". |
"</IfModule>\n"); |
"</IfModule>\n"); |