6935174133
Fix to consider it a bad request only if there is one
2025-07-13 17:43:47 +03:00
0a0ad2f119
Only update session time when there is actually websockets traffic
...
https://github.com/webmin/webmin/pull/2510
2025-07-10 04:31:36 -07:00
0f721a17ae
Merge pull request #1718 from tgurr/sslrenegotiation
...
Disable SSL/TLS renegotiation
2025-07-07 17:20:37 +10:00
f353ae31d8
Fix typos
2025-07-06 20:44:35 +03:00
6b75672534
Add ability to enforce SSL by default
2025-07-06 20:02:34 +03:00
f1e96e3097
Re-open the debug and error logs if cleared periodically
2025-07-03 15:11:10 -07:00
af07c6c9d9
The notimeout flag is never set
2025-07-02 16:21:11 -07:00
740f5b9d49
delete support for the webmin_notimeout param, which as far as I can tell is never used
2025-07-02 15:10:19 -07:00
56b62346b4
Fix not to use SSL unless clients wants it explicitly
2025-06-29 01:04:30 +03:00
a223243db4
Fix comment for clarity
2025-06-27 04:01:15 +03:00
b59bdc4f1a
Fix latest SSLeay support for redirects to SSL work
2025-06-27 03:57:06 +03:00
d428f4d4c1
Fix comment
...
49ceeebbf8 (commitcomment-160355697)
2025-06-22 01:02:51 +03:00
49ceeebbf8
Add ability to redirect to enforced host
2025-06-17 20:28:49 +03:00
693f3c792e
Allow sessions to have a max lifetime
2025-05-19 22:18:33 -07:00
1f33234db2
Differentiate temporary session IDs for single-use logins from real sessions
2025-05-19 21:55:56 -07:00
ff4e0ae386
Fix to split lines up
...
https://github.com/webmin/webmin/pull/2462#pullrequestreview-2797791341
2025-04-28 03:33:52 +03:00
19bfe18e0f
Add ability to make authentication in two steps
2025-04-28 00:55:59 +03:00
b48f6d3406
Fix to drop obsolete code
2025-04-28 00:51:04 +03:00
d9dbcd9746
More work on forgotten password support
2025-04-14 22:44:55 -07:00
18a4c86e2f
Work on forgotten password page
2025-04-12 11:00:30 -07:00
a768e731cf
Allow anonymous access to the forgotten password CGIs
2025-04-11 22:25:17 -07:00
4c1b063654
Keep old config options for proxy trust
2025-02-13 20:44:54 -08:00
1696eb4e48
Add better way to handle trust level for proxy headers option
2025-02-14 01:43:27 +02:00
efae1cf754
Add UI option to control if SSL client cert is trusted
2024-12-17 21:45:00 -08:00
80e99b7b25
Don't use error handler that doesn't exist
2024-11-21 20:37:56 -08:00
7cd747d82f
Stop trusting remote client IP address for logging unless it's enabled
2024-09-15 19:24:32 -07:00
f8ce246b37
If there is a password change CGI setup, rate limit how often it can be called to prevent brute-force guessing attacks
2024-08-23 21:36:34 -07:00
a721f60f9c
Fix to allow service-worker.js in unauth [build]
2024-07-20 15:57:40 +03:00
9817085c70
Delete PID file on shutdown
2024-05-29 13:22:47 -07:00
2641985b98
Fix typo
2024-05-20 19:06:18 +03:00
736e514766
Fix to always use log function
2024-05-20 18:48:44 +03:00
35e9f0a01d
Limit UDP replies to 1 every 5 seconds per IP
2024-05-11 15:20:19 -07:00
c4c2c5c38e
Add a 10 second timeout to handle the case where a client connects but doesn't start a valid SSL session
2023-10-09 22:55:18 -07:00
bbe7e78516
Log timeout to wait for
2023-10-09 21:59:50 -07:00
3d482d2bf5
Support CF-Connecting-IPv6 header
2023-08-22 18:46:43 -07:00
31af9f996c
Also support CF-Connecting-IP https://github.com/webmin/webmin/issues/1956
2023-08-21 10:04:16 -07:00
fd06605f51
Add support for True-Client-IP header as used by Cloudflare https://github.com/webmin/webmin/issues/1956
2023-08-20 21:22:08 -07:00
4197e61772
Allow use of proxied SSL client name even when in non-SSL mode https://github.com/webmin/webmin/issues/1962
2023-08-11 20:35:57 -07:00
b3b5fff0dc
If trusting the remote IP, also trust the proxied SSL client cert https://github.com/webmin/webmin/issues/1962
2023-07-28 18:33:48 -07:00
486b323990
Add ability to control Server: response header #1945
...
This change:
1. Adds ability for an admin to set custom response header for `Server:`
2. Fixes displaying of running Webmin version for unauthenticated user
2023-07-11 15:05:04 +03:00
e552c68f7e
SSL need to be shut down properly
2023-06-13 07:41:09 -07:00
ada885ef41
Update session DB with actual remote IP https://github.com/webmin/authentic-theme/issues/1653
2023-05-25 16:50:15 -07:00
3996ff205f
Handle case where the root user for testing PAM has no password https://github.com/webmin/webmin/issues/1911
2023-05-20 16:26:54 -07:00
cdf715ad2e
Fix to test expired password correctly
2023-05-04 13:09:16 +03:00
81a8607628
Use lc to lower case
2023-04-28 13:59:19 -07:00
5dc2281e66
Fix password change screen pop up on every login 20d07a17a8
2023-04-28 11:02:19 +03:00
9bcee57c7c
Try lower case username if upper case doesn't exist https://github.com/virtualmin/virtualmin-gpl/issues/553
2023-04-25 20:47:07 -07:00
20d07a17a8
Sync password expiry logic with Linux https://forum.virtualmin.com/t/personalized-warning-in-password-policy/120228
2023-04-18 21:43:15 -07:00
22e7e5c553
Deal with backquotes
2023-01-24 20:55:31 -08:00
726d28d807
Verify long-running websockets sessions in miniserv
2022-12-14 11:18:28 -08:00
