As user sonador requested in this thread: http://forums.cacti.net/viewtopic.php?f=21&t=45825
Neither Apache redirect nor the SSL plugin serve this purpose, as they both result in all pages being delivered via HTTPS. In some environments, its only necessary and desirable to secure the login page, while not incurring the overhead of HTTPS for the other pages.
HTTPS for login page only
Moderators: Developers, Moderators
Re: HTTPS for login page only
Isnt this doable with a rewrite condition that is set only to the login page?
Re: HTTPS for login page only
To an extent, yes - however, the index.php page appears to be written to use relative URLs, so the rewrite may work well for the index.php page but not for the content within. This results in security alerts from modern browsers which prefer not to mix http & https content on the same page... Hence why it would be desirable for a setting to exist which would use https for all URLs in the index.php page only.
I have tried to address this with mod_rewrite, but never achieved the desired results. Perhaps it's my mod_rewrite foo which is lacking?
I have tried to address this with mod_rewrite, but never achieved the desired results. Perhaps it's my mod_rewrite foo which is lacking?
Re: HTTPS for login page only
Yes those security alerts I get are often unsettling, the only issue with using https for all URLs is loading speed, this is why https is not used everywhere, site speed is important too. You need to balance functionality and security.helzerr wrote:in security alerts from modern browsers which prefer not to mix http & https content on the same page... Hence why it would be desirable for a setting to exist which would use https for all URLs in the index.php page only.
Henry
Re: HTTPS for login page only
You could modify 1 line of the SSL plugin to only require SSL on the login page. You would then want it to force it to redirect page if not on the login page though, so another 3 lines.
Who is online
Users browsing this forum: No registered users and 0 guests