Joe Cooper
77d817357d
Remove login_redirect
2026-05-10 20:52:09 -05:00
Joe Cooper
241abfe719
Add trusted_proxies config
2026-05-10 01:19:01 -05:00
Jamie Cameron
f03140314e
Merge branch 'master' of github.com:webmin/webmin
2026-04-16 20:02:02 -07:00
Jamie Cameron
6c77b24da6
The crypt function can natively support SHA512
...
https://github.com/webmin/webmin/issues/2656
2026-04-16 20:01:55 -07:00
Ilia Ross
da18a16c84
Fix to require 2FA for RPC basic auth
...
+ improve remote auth errors
2026-04-15 22:36:40 +02:00
Jamie Cameron
ba336c297b
Make check for 'X-SSL-Client-Verify' header stricter
2026-04-14 16:19:22 -07:00
Ilia Ross
87d8969efb
Fix to gate forwarded proxy URL for consistency
...
https://github.com/webmin/webmin/pull/2666#issuecomment-4241962133
2026-04-14 14:44:57 +02:00
Ilia Ross
bd7e91c712
Fix comment shift ; add missing comments
2026-04-12 19:03:12 +02:00
Ilia Ross
67950afe3a
Add configurable redaction for logged request parameters
2026-04-12 19:01:14 +02:00
Ilia Ross
a6156ff76b
Add configurable websocket origin exceptions (for weird cases)
2026-04-12 18:35:21 +02:00
Ilia Ross
6de6529bba
Fix to harden session cookie defaults
2026-04-12 18:17:32 +02:00
Ilia Ross
cf98ce3f55
Fix to normalize websocket path matching
2026-04-12 18:10:22 +02:00
Ilia Ross
c0fb00a6e4
Fix to improve proxied connection validation
...
X260412
2026-04-12 18:08:57 +02:00
Ilia Ross
49b8f1a2fa
Fix to improve proxied connection handling
...
X260412
2026-04-12 14:56:51 +02:00
Joe Cooper
316529c8ca
typo s/actphost/acpthost/
2026-04-06 22:27:52 -05:00
Jamie Cameron
3dbeb4e4db
Don't trust proxy-provided SSL cert if it's flagged as not verified
2026-04-01 18:17:02 -07:00
Ilia Ross
2397653d55
Fix IPv6 hostname matching for alwaysresolve access rules
...
* Note: Fix Miniserv IPv6 hostname resolution and matching used by access control when `alwaysresolve` is enabled:
1. Correct `to_ip6address()` success handling (before getaddrinfo result was interpreted backwards)
2. In `ip_match()`, resolve hostnames with `to_ip6address()` for IPv6 clients instead of IPv4-only `to_ipaddress()`
3. Canonicalize IPv6 addresses before reverse and forward verification to avoid format-based mismatches.
4. Mirror the IPv6 logic change in "webmin/webmin-lib.pl"
https://forum.virtualmin.com/t/webmin-access-control-for-domain-names-with-ipv6/136661?u=ilia
2026-02-21 13:30:08 +02:00
Jamie Cameron
0342f06fc8
Remove dependency on IO::Pty for calling sudo
...
https://github.com/webmin/webmin/issues/2587
2025-11-18 21:04:48 -08:00
Jamie Cameron
3d300b5fb6
Handle perl errors calling PEM_read_bio_X509 more gracefully
2025-11-10 21:24:36 -08:00
Ilia Ross
d694649872
Fix to safely get user hostname from URL
2025-10-03 03:19:54 +03:00
Ilia Ross
991795c296
Fix to redirect to HTTPS when we get the host from the browser URL
2025-10-02 15:52:14 +03:00
Ilia Ross
fc4e2751dc
Fix broken redirect when there is no way to get FQDN
...
*Note: "$host = &get_socket_name(SOCK, $ipv6fhs{$s});" won't return FQDN if it can't be resolved (or if it isn't in /etc/hosts), breaking some redirects, most likely proxied ones that aren't using HTTPS in its config.
2025-10-01 01:03:45 +03:00
Jamie Cameron
388f51843f
Merge pull request #2558 from webmin/dev/remove-bottleneck-of-shelling-out
...
Fix to remove significant bottleneck of shelling out
2025-09-25 20:28:21 -07:00
Ilia Ross
a027ad5dd6
Fix variable names to avoid ambiguity
...
* Note: Discussed here:
https://github.com/webmin/webmin/pull/2553#issuecomment-3328436525
2025-09-25 15:23:06 +03:00
Ilia Ross
d99a24b045
Fix to remove significant bottleneck of shelling out
2025-09-25 14:48:14 +03:00
Jamie Cameron
d5a22a592f
Cache reads of the same cert file
2025-09-23 17:10:55 -07:00
Jamie Cameron
890a4ffd3f
Validate HTTP host header against cert name, as it may be different from the SSL hostname
2025-09-23 17:05:32 -07:00
Jamie Cameron
eb02824bfc
Detect if SSL hostname is valid for the cert being used, and pass it to an environment variable
2025-09-22 21:13:46 -07:00
Ilia Ross
6191a222ae
Revert "Fix to make sure the mail URL uses a well-known host name"
...
This reverts commit e88a77d32a.
2025-09-23 02:22:17 +03:00
Ilia Ross
2ac82016aa
Revert "Perfect previous code"
...
This reverts commit 8f987d21a9.
2025-09-23 02:22:06 +03:00
Ilia Ross
8f987d21a9
Perfect previous code
2025-09-21 22:54:25 +03:00
Ilia Ross
e88a77d32a
Fix to make sure the mail URL uses a well-known host name
2025-09-21 21:47:12 +03:00
Ilia Ross
6935174133
Fix to consider it a bad request only if there is one
2025-07-13 17:43:47 +03:00
Jamie Cameron
0a0ad2f119
Only update session time when there is actually websockets traffic
...
https://github.com/webmin/webmin/pull/2510
2025-07-10 04:31:36 -07:00
Jamie Cameron
0f721a17ae
Merge pull request #1718 from tgurr/sslrenegotiation
...
Disable SSL/TLS renegotiation
2025-07-07 17:20:37 +10:00
Ilia Ross
f353ae31d8
Fix typos
2025-07-06 20:44:35 +03:00
Ilia Ross
6b75672534
Add ability to enforce SSL by default
2025-07-06 20:02:34 +03:00
Jamie Cameron
f1e96e3097
Re-open the debug and error logs if cleared periodically
2025-07-03 15:11:10 -07:00
Jamie Cameron
af07c6c9d9
The notimeout flag is never set
2025-07-02 16:21:11 -07:00
Jamie Cameron
740f5b9d49
delete support for the webmin_notimeout param, which as far as I can tell is never used
2025-07-02 15:10:19 -07:00
Ilia Ross
56b62346b4
Fix not to use SSL unless client wants it explicitly
2025-06-29 01:04:30 +03:00
Ilia Ross
a223243db4
Fix comment for clarity
2025-06-27 04:01:15 +03:00
Ilia Ross
b59bdc4f1a
Fix latest SSLeay support for redirects to SSL work
2025-06-27 03:57:06 +03:00
Ilia Ross
d428f4d4c1
Fix comment
...
49ceeebbf8 (commitcomment-160355697)
2025-06-22 01:02:51 +03:00
Ilia Ross
49ceeebbf8
Add ability to redirect to enforced host
2025-06-17 20:28:49 +03:00
Jamie Cameron
693f3c792e
Allow sessions to have a max lifetime
2025-05-19 22:18:33 -07:00
Jamie Cameron
1f33234db2
Differentiate temporary session IDs for single-use logins from real sessions
2025-05-19 21:55:56 -07:00
Ilia Ross
ff4e0ae386
Fix to split lines up
...
https://github.com/webmin/webmin/pull/2462#pullrequestreview-2797791341
2025-04-28 03:33:52 +03:00
Ilia Ross
19bfe18e0f
Add ability to make authentication in two steps
2025-04-28 00:55:59 +03:00
Ilia Ross
b48f6d3406
Fix to drop obsolete code
2025-04-28 00:51:04 +03:00