HTTPS for login page only

helzerr
Cacti User
Posts: 54
Joined: Sun Feb 01, 2004 3:10 am
Location: Orlando, FL

HTTPS for login page only

Post by helzerr »

As user sonador requested in this thread: http://forums.cacti.net/viewtopic.php?f=21&t=45825

Neither Apache redirect nor the SSL plugin serves this purpose, as they both result in all pages being delivered via HTTPS. In some environments, it's only necessary and desirable to secure the login page, while not incurring the overhead of HTTPS for the other pages.
ndberry
Posts: 2
Joined: Thu Jul 05, 2012 3:56 pm

Re: HTTPS for login page only

Post by ndberry »

Isn't this doable with a rewrite condition that is set only to the login page?
helzerr
Cacti User
Posts: 54
Joined: Sun Feb 01, 2004 3:10 am
Location: Orlando, FL

Re: HTTPS for login page only

Post by helzerr »

To an extent, yes - however, the index.php page appears to be written to use relative URLs, so the rewrite may work well for the index.php page but not for the content within. This results in security alerts from modern browsers which prefer not to mix http & https content on the same page... Hence why it would be desirable for a setting to exist which would use https for all URLs in the index.php page only.

I have tried to address this with mod_rewrite, but never achieved the desired results. Perhaps it's my mod_rewrite foo which is lacking?
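
Why a login-page-only rewrite produces the mixed-content alerts described in the post above, as an added example that is not part of the original thread: relative URLs resolve against the HTTPS page, and a login-only redirect policy then sends them back to HTTP. The host name, path, asset names and the `login_only_redirect` policy are constructed assumptions, not Cacti's or the SSL plugin's code.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup; file names are illustrative, not Cacti's real ones.
LOGIN_HTML = """
<html><head>
<link rel="stylesheet" href="include/main.css">
<script src="include/layout.js"></script>
</head><body>
<img src="images/logo.gif">
<form action="index.php" method="post"></form>
</body></html>
"""

LOGIN_PATH = "/cacti/index.php"  # assumed location of the login page


class SubresourceCollector(HTMLParser):
    """Collect URLs the browser fetches automatically while rendering."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script") and a.get("src"):
            self.refs.append(a["src"])
        elif tag == "link" and a.get("href"):
            self.refs.append(a["href"])


def login_only_redirect(url):
    """Hypothetical policy: HTTPS for the login page, HTTP for everything else."""
    parts = urlsplit(url)
    want = "https" if parts.path == LOGIN_PATH else "http"
    return parts._replace(scheme=want).geturl()


def mixed_content(page_url, html):
    """Return sub-resources that end up on http:// for an https:// page."""
    collector = SubresourceCollector()
    collector.feed(html)
    final = [login_only_redirect(urljoin(page_url, r)) for r in collector.refs]
    secure_page = page_url.startswith("https://")
    return [u for u in final if secure_page and u.startswith("http://")]
```

Every stylesheet, script and image on the login page ends up on plain HTTP under this policy, which is what the browser flags; the form's `action` is not counted because it is only requested on submit.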
hoonry
Posts: 1
Joined: Wed Mar 06, 2013 7:02 am

Re: HTTPS for login page only

Post by hoonry »

helzerr wrote: in security alerts from modern browsers which prefer not to mix http & https content on the same page... Hence why it would be desirable for a setting to exist which would use https for all URLs in the index.php page only.
Yes, those security alerts I get are often unsettling. The only issue with using https for all URLs is loading speed; this is why https is not used everywhere. Site speed is important too. You need to balance functionality and security.
Henry
cigamit
Developer
Posts: 3369
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas

Re: HTTPS for login page only

Post by cigamit »

You could modify 1 line of the SSL plugin to only require SSL on the login page. You would then want it to force it to redirect page if not on the login page though, so another 3 lines.