more specifically, i am interested in being able to login using SSL so my password isn't sent in clear text. thx in advance. b. :)
Yikes! Over a year and no answer?
Yikes! Over a year and no answer?
I'm using some htaccess rewrite rules to make sure that /login is only displayed using https.
As far as I know, there's not built in solution in c5 right now to achieve this.
As far as I know, there's not built in solution in c5 right now to achieve this.
Remo,
I have spent long hours with google and my .htaccess file to reroute the login page to https. I get either a redirection loop or no redirection.
Do you mind posting the relevant part of your .htaccess file?
I am using:
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/login?
RewriteRule ^(.*)$http://www.somedomain.com/$1 [R,L]
Thank you
I have spent long hours with google and my .htaccess file to reroute the login page to https. I get either a redirection loop or no redirection.
Do you mind posting the relevant part of your .htaccess file?
I am using:
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/login?
RewriteRule ^(.*)$http://www.somedomain.com/$1 [R,L]
Thank you
I agree with remo, the easiest and a very sercure way to accomplish this is using apache. Set up a mod_that sends all
http://mydomain.com/login in to https:/mydomain.com.. Granted you have to setup HTTPS and certificates, but login/authenification is encrypted. I use this meathod to secure our webmail UI. :)
Here is the pertianent section of my httpd.conf
-----------
I tried to post it, but the special chars "hosed" it :(
See Attached...
HMMMM, It goes into an infinite loop trying to attach a file.. I'll try the attachment in a new post.
http://mydomain.com/login in to https:/mydomain.com.. Granted you have to setup HTTPS and certificates, but login/authenification is encrypted. I use this meathod to secure our webmail UI. :)
Here is the pertianent section of my httpd.conf
-----------
I tried to post it, but the special chars "hosed" it :(
See Attached...
HMMMM, It goes into an infinite loop trying to attach a file.. I'll try the attachment in a new post.
Let's Try this, see attachment :)
Thank you nteaviation.
When I added, per your suggestion,
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ http://%{SERVER_NAME}/login/ [L,R=303]
to my .htaccess file I still get a redirect loop.
When I added, per your suggestion,
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ http://%{SERVER_NAME}/login/ [L,R=303]
to my .htaccess file I still get a redirect loop.
Are you using "Enable Pretty URLs" in the dashboard? It may not work when that is enabled. If you are running out of your webroot, try attached:
Sorry, having diffucultly attaching files :(
This won't work. It was designed for my webmail app. It can be done, i'm just not sure the best way to do it. Let me play around with it a while,. Or maybe we could get remo to "enlighten us" :)
So I am using the concrete5 pretty urls modification to my .htaccess file.
I did notice that if my .htaccess file looks exactly like the pretty urls mod (nothing else in the file, really) and then try to go to
(https)://myurl.com/login it fails with a redirect loop
Is that odd to anyone?
I did notice that if my .htaccess file looks exactly like the pretty urls mod (nothing else in the file, really) and then try to go to
(https)://myurl.com/login it fails with a redirect loop
Is that odd to anyone?
I played with this a little and I think I am close. Add attached to the bottom of your .htaccess file. It is set up to work with Pretty URL's. When you login to admin you are redirected to https, but I have not figured out how to get out of https and back to http. It also seems to break the pretty little usage chart in the dashboard, but everything else seems to work :)
I need to know how I can get different users with their own password protected accounts. Is there a way to do this?