Forcing use of SSL at login screen

[James Austin]

I've got Cacti working fine on RH 8.0 and Apache 2.0.

What I'd like to know is has anybody had any success forcing SSL login??

i.e. sending anyone who accesses cacti to https://cacti/ even if they use http://cacti/ instead.

I'm using this on a college campus and I'd prefer not passing the pwd in the clear.

If so how'd you do it.

I've tried redirects and .htaccess with no luck.

Thanks in advance for any help.

..jwa

[Erik]

You can use this (i think its should work, but it's not tested):

Code: Select all

<?php
//this should be before any output has been started, you can place
//it in an every-time-included file like ./include/config.php.

if($_SERVER['SERVER_PROTOCOL'] != 'https') { 
	header ('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); // This wil put a redirect in the header (configure if you have a different setup) (you could use $_SERVER("
	die(); // Don't offer anything over a non-ssl conn., so stop!
}
?>

If it works, it's working safely. I'm convinced. You don't need reg_globals to be on in php.ini.

Hope it helps!![/code]