LP1522686: Force SSL for Web Staff, Add Basic Redirect for Staff URL

1 minor change, 1 less minor change.

First, add a simple redirect for staff that forget to enter the
final '/' at the end of <server>/eg/staff/.

Second, and most importantly, force all connections to the web
staff client to be redirected through an HTTPS connection. By
default the system would accept whichever connection type you
enter by hand, and fewer and fewer people actually enter the
protocol specifier these days.

Signed-off-by: Jason Boyer <jboyer@library.in.gov>
Signed-off-by: Ben Shum <bshum@biblio.org>

diff --git a/Open-ILS/examples/apache/eg_vhost.conf.in b/Open-ILS/examples/apache/eg_vhost.conf.in
index bf63947..e64c2d7 100644 (file)
--- a/Open-ILS/examples/apache/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache/eg_vhost.conf.in
@@ -9,6 +9,11 @@
 RedirectMatch 301 ^/$ /eg/opac/home
 
 # ----------------------------------------------------------------------------------
+# Redirect staff to the correct URL if they forget to include the final /
+# ----------------------------------------------------------------------------------
+RedirectMatch 301 ^/eg/staff$ /eg/staff/
+
+# ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
 # ----------------------------------------------------------------------------------
 #<LocationMatch ^/$>
@@ -812,6 +817,9 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
     Options -MultiViews
     PerlSetVar OILSWebStopAtIndex "true"
 
+    RewriteCond %{HTTPS} off
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+
     # sample staff-specific translation files
     #PerlAddVar OILSWebLocale "en_ca"                                           
     #PerlAddVar OILSWebLocale "/openils/var/data/locale/staff/en-CA.po"         

diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in
index 78fab7e..94d5c34 100644 (file)
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -9,6 +9,11 @@
 RedirectMatch 301 ^/$ /eg/opac/home
 
 # ----------------------------------------------------------------------------------
+# Redirect staff to the correct URL if they forget to include the final /
+# ----------------------------------------------------------------------------------
+RedirectMatch 301 ^/eg/staff$ /eg/staff/
+
+# ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
 # ----------------------------------------------------------------------------------
 #<LocationMatch ^/$>
@@ -818,6 +823,9 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
     Options -MultiViews
     PerlSetVar OILSWebStopAtIndex "true"
 
+    RewriteCond %{HTTPS} off
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+
     # sample staff-specific translation files
     #PerlAddVar OILSWebLocale "en_ca"                                           
     #PerlAddVar OILSWebLocale "/openils/var/data/locale/staff/en-CA.po"