From 07b04048e0f3a932b8d16c7d318f323175b25724 Mon Sep 17 00:00:00 2001
From: Jason Boyer <jboyer@library.in.gov>
Date: Fri, 4 Dec 2015 01:17:21 -0500
Subject: [PATCH] LP1522686: Force SSL for Web Staff, Add Basic Redirect for
 Staff URL

1 minor change, 1 less minor change.

First, add a simple redirect for staff that forget to enter the
final '/' at the end of <server>/eg/staff/.

Second, and most importantly, force all connections to the web
staff client to be redirected through an HTTPS connection. By
default the system would accept whichever connection type you
enter by hand, and fewer and fewer people actually enter the
protocol specifier these days.

Signed-off-by: Jason Boyer <jboyer@library.in.gov>
---
 Open-ILS/examples/apache/eg_vhost.conf.in    | 8 ++++++++
 Open-ILS/examples/apache_24/eg_vhost.conf.in | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/Open-ILS/examples/apache/eg_vhost.conf.in b/Open-ILS/examples/apache/eg_vhost.conf.in
index bf63947b68..e64c2d769a 100644
--- a/Open-ILS/examples/apache/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache/eg_vhost.conf.in
@@ -9,6 +9,11 @@
 RedirectMatch 301 ^/$ /eg/opac/home
 
 # ----------------------------------------------------------------------------------
+# Redirect staff to the correct URL if they forget to include the final /
+# ----------------------------------------------------------------------------------
+RedirectMatch 301 ^/eg/staff$ /eg/staff/
+
+# ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
 # ----------------------------------------------------------------------------------
 #<LocationMatch ^/$>
@@ -812,6 +817,9 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
     Options -MultiViews
     PerlSetVar OILSWebStopAtIndex "true"
 
+    RewriteCond %{HTTPS} off
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+
     # sample staff-specific translation files
     #PerlAddVar OILSWebLocale "en_ca"                                           
     #PerlAddVar OILSWebLocale "/openils/var/data/locale/staff/en-CA.po"         
diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in
index 78fab7e548..94d5c34500 100644
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -9,6 +9,11 @@
 RedirectMatch 301 ^/$ /eg/opac/home
 
 # ----------------------------------------------------------------------------------
+# Redirect staff to the correct URL if they forget to include the final /
+# ----------------------------------------------------------------------------------
+RedirectMatch 301 ^/eg/staff$ /eg/staff/
+
+# ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
 # ----------------------------------------------------------------------------------
 #<LocationMatch ^/$>
@@ -818,6 +823,9 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
     Options -MultiViews
     PerlSetVar OILSWebStopAtIndex "true"
 
+    RewriteCond %{HTTPS} off
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+
     # sample staff-specific translation files
     #PerlAddVar OILSWebLocale "en_ca"                                           
     #PerlAddVar OILSWebLocale "/openils/var/data/locale/staff/en-CA.po"         
-- 
2.11.0