You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected Puppet, Ruby, OS and module versions/distributions
Puppet: 4.10 or 7+
Ruby: the one shipped with puppet 4.10 or 7+
Distribution: Centos 7
Module version: the branch master as of 2022-08-17
How to reproduce (e.g Puppet code you use)
create a nginx::server with ssl_redirect => true (and other proper ssl settings, like certificates)
add to this server definition the auth_basic*settings.
What are you seeing
The nginx module will neatly create an additional definition for the server listening to the port 80. The problem is that the auth basic settings will land also in that definition and actually it is not needed, as the 80 port server is meant to exists only for a 301 redirect. This causes the problem Cleartext Transmission of Sensitive Information via HTTP. http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.108440
What behaviour did you expect instead
The same port 80 server definition with redirect but without the auth basic settings.
Output log
no log
Any additional information you'd like to impart
thank you for the module anyway!
The text was updated successfully, but these errors were encountered:
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
nginx::serverwithssl_redirect => true(and other proper ssl settings, like certificates)auth_basic*settings.What are you seeing
The nginx module will neatly create an additional definition for the server listening to the port 80. The problem is that the auth basic settings will land also in that definition and actually it is not needed, as the 80 port server is meant to exists only for a 301 redirect. This causes the problem Cleartext Transmission of Sensitive Information via HTTP. http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.108440
What behaviour did you expect instead
The same port 80 server definition with redirect but without the auth basic settings.
Output log
Any additional information you'd like to impart
The text was updated successfully, but these errors were encountered: