Has anyone managed to SSL-enable the dashboard fully/correctly?
Permalink 1 user found helpful
Hi all,
Just wondering. I've managed to ssl-enable a concrete5 dashboard back end with the following rewrite rules.
It works well except for an occasional ssl error about some content not being fully encrypted for some operations (exiting an edited block is one), which I've traced to external references to graphics. I can live with this, however, one notable section refuses to work properly, which this project needs extensively, and that's the bulk file uploader. I keep getting server IO errors in the list of files when I hit the upload button, which I'm suspecting is due to the [R] directive in the rule, causing the built headers/packet in the uploader to be dropped. Any ideas? I've tried to create exclusions to the following paths in the rewrite rules, but to no avail:
C5 is an absolute dream to work with, and apart from this, i've been able to build solutions without a single major stumbling block, so keep up the great work everybody!
Thanks up front and regards,
shrike71
Cheers
Just wondering. I've managed to ssl-enable a concrete5 dashboard back end with the following rewrite rules.
RewriteCond %{SERVER_PORT} !443 RewriteRule ^index.php/dashboard(.*)$ https://<SERVER>/dashboard$1 [R]
It works well except for an occasional ssl error about some content not being fully encrypted for some operations (exiting an edited block is one), which I've traced to external references to graphics. I can live with this, however, one notable section refuses to work properly, which this project needs extensively, and that's the bulk file uploader. I keep getting server IO errors in the list of files when I hit the upload button, which I'm suspecting is due to the [R] directive in the rule, causing the built headers/packet in the uploader to be dropped. Any ideas? I've tried to create exclusions to the following paths in the rewrite rules, but to no avail:
RewriteRule ^index.php/dashboard/files/$ http://<SERVER>/index.php/dashboard/files/ [R] RewriteRule ^index.php/dashboard/files/(.*)$ http://<SERVER>/index.php/dashboard/files/$1 [R]
C5 is an absolute dream to work with, and apart from this, i've been able to build solutions without a single major stumbling block, so keep up the great work everybody!
Thanks up front and regards,
shrike71
Cheers
This is great! I've been trying to figure this out for literally the past two days, but I'm a little mystified by all this port 443 and port 80 talk. I've been using this under the root .htaccess to redirect the entire site:
I'm brand new to dealing with .htaccess, so should I be defining the ports like you've done? Essentially, I want to use this but I don't know how to use it. Is it all in the same root .htaccess file?
Thanks!
RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
I'm brand new to dealing with .htaccess, so should I be defining the ports like you've done? Essentially, I want to use this but I don't know how to use it. Is it all in the same root .htaccess file?
Thanks!
Not sure how you would tackle this in a .htaccess file, I have the luxury of being able to configure the Apache confs at source, but my guess is that if SSL has been enabled on your behalf on the server, you should be able to bunch these rules together in your .htaccess file, but with one small modification:
RewriteCond %{SERVER_PORT} !443
RewriteCond %{REQUEST_URI} !^/index.php/dashboard/files/$
RewriteCond %{REQUEST_URI} !^/index.php/dashboard/files/.*$
RewriteRule ^index\.php/dashboard(.*)$https://<SERVER>/index.php/dashboard$1... [R,L]
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} ^/index.php/dashboard/files/$ [OR]
RewriteCond %{REQUEST_URI} ^/index.php/dashboard/files/.*$
RewriteRule ^index\.php/dashboard(.*)$http://<SERVER>/index.php/dashboard$1... [R,L]
Since both sets of rules are being handled in the .htaccess file and not in separate VirtualHosts configurations, You have to make the second rule group the converse of the first, i.e. you have to include the
RewriteCond %{SERVER_PORT} 443
to ensure that the second block is only ever fulfilled if the request is already HTTPS.
Not tried it in .htaccess, but i hope it gives you enough to go on!
Cheers,
Shrike71
RewriteCond %{SERVER_PORT} !443
RewriteCond %{REQUEST_URI} !^/index.php/dashboard/files/$
RewriteCond %{REQUEST_URI} !^/index.php/dashboard/files/.*$
RewriteRule ^index\.php/dashboard(.*)$https://<SERVER>/index.php/dashboard$1... [R,L]
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} ^/index.php/dashboard/files/$ [OR]
RewriteCond %{REQUEST_URI} ^/index.php/dashboard/files/.*$
RewriteRule ^index\.php/dashboard(.*)$http://<SERVER>/index.php/dashboard$1... [R,L]
Since both sets of rules are being handled in the .htaccess file and not in separate VirtualHosts configurations, You have to make the second rule group the converse of the first, i.e. you have to include the
RewriteCond %{SERVER_PORT} 443
to ensure that the second block is only ever fulfilled if the request is already HTTPS.
Not tried it in .htaccess, but i hope it gives you enough to go on!
Cheers,
Shrike71
in your rewrite block for the port 80 (non SSL vhost) do something like this:
then, in your 443 vhost's rewrite block, put this:
Hope somebody finds this useful... pain in the arse to sort out!
Cheers,
shrike71