https in BASE_URL
Permalink
First of all, I know that I can use https with Concrete5. There are a few posts about it.http://www.concrete5.org/community/forums/customizing_c5/secure_sit...
Setting REDIRECT_TO_BASE_URL to FALSE seems to fix the redirection loop but I'm not very happy with this approach.
I'd like to make sure that people only access certain parts of my site using https. They should be redirected to the https site if they go to http.
I could use a htaccess file to do that but it would be a lot more intuitive if we could set https in the base_url without disabling the redirection.
Has anyone looked into this? Would it be difficult to get rid of the redirection loop if there's https in the base_url?
Setting REDIRECT_TO_BASE_URL to FALSE seems to fix the redirection loop but I'm not very happy with this approach.
I'd like to make sure that people only access certain parts of my site using https. They should be redirected to the https site if they go to http.
I could use a htaccess file to do that but it would be a lot more intuitive if we could set https in the base_url without disabling the redirection.
Has anyone looked into this? Would it be difficult to get rid of the redirection loop if there's https in the base_url?
you can in the site.php, just changehttp://site.com tohttp://site.com
if I do I get a redirection loop?
...not that i know of.. i also have a php snippet at home that you can stick in the index.php that makes it go https
try it, you can always un-do it
try it, you can always un-do it
I know that I can undo that, not the first time I work with Concrete5 ;-)
I did try it, with 5.3.2, 5.3.3.1, 5.4, svn and it always produced a redirection loop.
I also don't want to modify index.php. Whether I put something in my htaccess file or index.php doesn't really matter. I just want to understand why the obvious solution doesn't work...
I did try it, with 5.3.2, 5.3.3.1, 5.4, svn and it always produced a redirection loop.
I also don't want to modify index.php. Whether I put something in my htaccess file or index.php doesn't really matter. I just want to understand why the obvious solution doesn't work...
It looks like you need to set BASE_URL_SSL in site.php to the secure URL.
Thanks mose, will try that!
I never saw BASE_URL_SSL before... Did I miss something in the documentation?
I never saw BASE_URL_SSL before... Did I miss something in the documentation?
I don't know if it's in the documentation. ;-)
Mose, I set BASE_URL_SSL but Concrete5 doesn't redirect me to https if I open my page with http. Did this work for you?
If REDIRECT_TO_BASE_URL is true, then the browser is redirected to BASE_URL_SSL when the incoming request uses https, and the browser is redirected to BASE_URL when the incoming request uses http. The trick is to get the browser to access a page the way you want, possibly with a redirect.
I do not know of a way in Concrete5 to force a page (or a branch of a web site) to only be accessed with https. That would probably take some coding in the template. For example, if an attribute on the page requires https but the incoming request to this page is not https, redirect to https at this url. Otherwise display content, as normal.
I do not know of a way in Concrete5 to force a page (or a branch of a web site) to only be accessed with https. That would probably take some coding in the template. For example, if an attribute on the page requires https but the incoming request to this page is not https, redirect to https at this url. Otherwise display content, as normal.
Okay thanks. It's just about the second paragraph you wrote, but at least it works the same for you.
Coding is not the problem but I'll look into the code to see if we could implement an easy way to do this... (I work with graphic designers who aren't really good at modifying htaccess or php template)
Coding is not the problem but I'll look into the code to see if we could implement an easy way to do this... (I work with graphic designers who aren't really good at modifying htaccess or php template)
I suppose you could force a branch of a website to be https with rules in the web server. Anything below /root/something/securepages, for example, could require https or be redirected to https.
