From 325b033df2d220ac5d5a5e9e1d1c79ce8d1b3359 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 17 Sep 2013 16:10:18 +0200
Subject: [PATCH] Fix httpd template to restrict access to the casProxy handler

---
 .../templates/etc/httpd/conf/httpd.conf/85SOGoAccess    | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85SOGoAccess b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85SOGoAccess
index 63edbc9..22c78ce 100644
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85SOGoAccess
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85SOGoAccess
@@ -10,18 +10,15 @@
     $OUT = "";
 }
 
-ScriptAlias /SOGo/cgi-bin /usr/share/SOGo/cgi-bin
+ScriptAlias /sogo-cgi-bin /usr/share/SOGo/cgi-bin
 <Directory /usr/share/SOGo/cgi-bin>
     AllowOverride None
     Options +ExecCGI
+    Order deny,allow
+    Allow from 127.0.0.1
 </Directory>
 
-ProxyPass /SOGo/casProxy http://localhost/SOGo/cgi-bin/cas-proxy-validate
-
-<Proxy http://localhost/SOGo/cgi-bin/cas-proxy-validate>
-   Order deny,allow
-   Allow from 127.0.0.1 192.168.7.1
-</Proxy>
+ProxyPass /SOGo/casProxy http://localhost/sogo-cgi-bin/cas-proxy-validate
 
 ProxyPass /SOGo http://127.0.0.1:{$sogod{'TCPPort'}}/SOGo
 ProxyPassReverse /SOGo http://127.0.0.1:{$sogod{'TCPPort'}}/SOGo
@@ -41,6 +38,12 @@ RedirectMatch ^/.well-known/(caldav|carddav)$ /SOGo/dav/
     RequestHeader set "x-webobjects-server-url" "https://%\{REQUEST_HOST\}e/SOGo"
 </Location>
 
+<Location /SOGo/casProxy>
+    Order deny,allow
+    Deny from All
+    Allow from 127.0.0.1 {"$LocalIP";}
+</Location>
+
 Alias /.woa/WebServerResources/ {"$style";}
 Alias /SOGo.woa/WebServerResources/ {"$style";}
 Alias /SOGo/WebServerResources/ {"$style";}