https logins only

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Developers, Moderators

Post Reply
User avatar
sonador
Posts: 7
Joined: Wed Dec 07, 2011 7:32 pm

https logins only

Post by sonador »

A lot of the users of the cacti installation which I support use it also outside the office via insecure lines and I have decided to run it on ssl enabled web server.

Https though, increases loading times for graphs, especially for those who have old computers and handling SSL encrypted data on those old machines takes significant time.

Is there any possible way to make cacti only handle logins though https and serve everything else through regular http? :P


~Cheers~
noname
Cacti Guru User
Posts: 1566
Joined: Thu Aug 05, 2010 2:04 am
Location: Japan

Re: https logins only

Post by noname »

Just google'd:
- Apache: Redirect http to https Apache secure connection – force HTTPS Connections

I'm not sure whether it woks (or not) in Cacti.
User avatar
sonador
Posts: 7
Joined: Wed Dec 07, 2011 7:32 pm

Re: https logins only

Post by sonador »

I am not sure rewriting would work in the scenario which I am trying to accomplish. The link which you posted will work for general rewriting of all http traffic to https. That's fine but I need only logins to behandled through https.

Even if I do POST rewriting only, data will arrive to the webserver unencrypted and than will be rewriten to https which will again allow man in the middle attack - and I am trying to keep secure the user accounts since they are authenticated against our corporate directory server.

I guess some code modifactions would be needed if I want only logins to be POSTed through https and everything else to use regular http.

Anybody? Any ideas?
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: https logins only

Post by TheWitness »

True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
User avatar
sonador
Posts: 7
Joined: Wed Dec 07, 2011 7:32 pm

Re: https logins only

Post by sonador »

TheWitness this particular plugin will redirect anything that is not https to https. I am not looking to do this. This is achievable with rewrite rule in apache.

What I would like to do is only handle logins through https and serve everything else through regular http.

Any ideas?
helzerr
Cacti User
Posts: 54
Joined: Sun Feb 01, 2004 3:10 am
Location: Orlando, FL
Contact:

Re: https logins only

Post by helzerr »

After much research, I've managed to get mod_rewrite to work, but it's not perfect... Within your <Directory> configuration for Cacti, add:

Code: Select all

        RewriteEngine On

        RewriteCond %{HTTP_HOST}   !^cacti\.domain\.com$ [NC]
        RewriteRule ^(.*)$         https://cacti.domain.com/$1 [R=301,L]
        RewriteRule ^$             /index.php [R=301,L]

        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^index.php$    https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

        RewriteCond %{SERVER_PORT} ^443$
        RewriteRule !^index.php$   http://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Of course, adjust "cacti.domain.com" to your own URL.

Certain versions of browsers will complain about mixed content - Chrome asks, "This page has insecure content. [Don't load (recomended)] [Load anyway]" and I.E. will pop up a dialog asking, "Do you want to view only the webpage content that was delivered securely?"

Anyone with better mod_rewrite skills, please chime in. Or perhaps this is something which should be an option in Cacti settings, ala "Secure login page with SSL? [Y] [N]" which then instructs the .php to use https:// URLs in the right places?
helzerr
Cacti User
Posts: 54
Joined: Sun Feb 01, 2004 3:10 am
Location: Orlando, FL
Contact:

Re: https logins only

Post by helzerr »

Cross-posted in Feature Requests forum: http://forums.cacti.net/viewtopic.php?f=7&t=47649
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest