Cannot Enable Secure Pages

There should be a like in the description which will allow you to go to the ssl version of this page, and then you will be able to enable securepages

I am using clean url's on all my sites and I am having no problems.

I am using the latest version at many sites.

I am using the latest version at many sites.

This is still a problem. Is there a workaround yet?

The site I am working on and all its links work well with both http: and https: protocols. Clean URLs are enabled. No caching involved (yet).

NOTE: Disabling Clean URLS and the path module did not help in allowing to enable this module. Cannot get the "enable" radiobutton to become clickable.

Running CVS drupal and modules (Tag:Drupal-5)

I am having exactly the same problem as above. The radio button to enable is simply greyed out and can't be selected.

I have all the same settings as above. Any suggestions would be greatly appreciated.

Adrian

Generally if this checkbox is greyed it is because it cannot verify that SSL is enabled on your site.

The easiest way to get around this is to goto the ssl version of the page and then it will not be greyed out.

I try that by clicking the link and the page changes without problem to https://... but it is still greyed out. I have my own ssl (i.e. it's not shared).

I have even today tried updating to drupal version 5.9 and I have tried both the stable and development versions of secure pages.

The main reason I need it is for the ubercart module so I can force the payment page to https. I could have the whole site https but then people using IE6 or 7 get the constant warning on every page about secure and unsecure items.

I am at a total loss!

Give the Dev version a go, I have don't a heap of changes that may fix this.

Gordon.

I already tried that I'm afraid. Exactly the same. Not sure if it's important but I don't run my site from the root. It is run from http://www.example.com/drupal/ (base url in settings.php is correct) Not sure if that's important.

Thanks

Adrian

I am having the same problem! Its driving me crazy!

I have tried all kids of Rewrite modifications in .htaccess - but with no luck.

I just need to get a couple of nodes (pages) set to a https - and I can't enable Secure Pages.

There are 2 reasons why you can't enable secure pages.

1. Drupal is not set up to go to https version of the site.
2. the $_SERVER['HTTPS'] is not being set to 'on'

So if you go to the secure version of your website you should be able to enable secure pages. If you are in https://example.com/admin/settings/securepages and you can't enable secure pages then $_SERVER['HTTPS'] is not set to on

Gordon.

Where do I enable:
1. Drupal is not set up to go to https version of the site.
2. The $_SERVER['HTTPS'] is not being set to 'on'
I have enabled the secure page mod, but it is grayed out. I am using Drupal 6.x with clean URLs

I am using
Drupal 6.x
PHP Version 5.2.4-2ubuntu5.3
MYSQL Server version: 5.0.51a-3ubuntu5.1
Ubuntu Server Hardy

https works fine on port 443 with the site I hade up before I used Drupal. I hand coded that one in php. It also worked if I did not use clean urs and typed in https://mysite.com.

I am really lost here. Please help

All the best.

hi,

Basically with securepages not enabled you should still be able to go to the secure version of your site. ie. https://www.example.com and the site will work as normal.

If from the https version of the site you can go to the secure pages settings and it will allow you to enable it.

If you are at https://www.securepages.com/admin/settings/securepages and you cannot still enable it then if you look at the phpinfo

phpinfo();

and look at the bottom on the https version will see the PHP Variables and there should be an entry for _SERVER['HTTPS'] see if the value is set to on.

If that is still not correct then there is bigger problems than securepages.

Gordon

Hey Gordon,
It may be helpful to remember in the future that you can direct people the the built-in Drupal phpinfo. Click on the php version number in the status report. Here's the URLs:

D5
https://www.example.com/admin/logs/status/php

D6
https://www.example.com/admin/reports/status/php

HTH
-Cedar

I am experiencing a similar problem as stated above by others. The Enable Secure Pages radio buttons (Disable, Enable) are grayed out even though I am successfully accessing this module administration page through a link like https://www.myexample.com/admin/settings/securepages.

My site is hosted on:
FreeBSD
Apache 2 with OpenSSL support
PHP 4.47
MySQL 5.0.24

Looking at the discussion and the code, my php implementation requires that $_SERVER['HTTPS'] is on. But this implementation of PHP in Apache 2 does not display the $_SERVER['HTTPS'] variable. I can tell this by displaying the results of phpinfo() in a test drupal page.

Is there a way to use the SERVER_PORT environment variable instead?

Thanks

I take it back. The Drupal php status page is only a partial phpinfo().

I had the same problem.

I've fix it. In file securepages.module line 312, function securepages_is_secure()

$_SERVER['HTTPS'] == 'on' changed to $_SERVER['HTTPS'] == '1'

return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == '1') ? TRUE : FALSE;

We have an ubercart site Send My Card that sends birthday cards. This has been driven me crazy. Many thanks, this solved my issue. We have our own certificate on shared 1and1 hosting.

I don't think this can really be considered fixed, since the bug remains. On some hosts $_SERVER['HTTPS'] is set to "on", and on others it's set to "1". The function should check for either value so that SSL is properly detected anywhere.

That worked for me - great, thanks!

My host doesn't set $_SERVER['HTTPS'] on a secure connection - they set $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'. A bit of research shows that there is quite a variety of ways to indicate whether a given connection is secure.

To make this work with our host, I've used PHP's auto-prepend function to translate our host's variable. I've created a page ssl_check.php:

<?php
// translate host's HTTP_X_FORWARDED_PROTO server variable to the HTTPS server variable required by Drupal
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $_SERVER['HTTPS'] = 'on';
}
?>

and added a call to it in my site's php.ini:

auto_prepend_file = <absolute path to file>/ssl_check.php

Different host configurations may need this adding to .htaccess instead of php.ini (although the .htaccess syntax is slightly different)

I also ran into this - attached patch incorporates #27 and an additional check for SERVER_PORT.

Basically the same problem solved by ip_address() in Drupal core. Anyone feel like trying to get HTTP_X_FORWARDED_PROTO handling into core? When/if we ever get https stuff into core, that will probably be the time... :) Until then, Mark's solution looks like it should work nicely.

To those who are are having problems and seem to have issues with CleanURL and Secure Pages, I believe there is some valuable information in this thread: #476082: Cannot Enable Secure Pages (on Mercury, or with default allowoverride settings) .

Make sure that you can access both the home page as well as sub pages with both http and https or this module will not function.

I have also been experiencing a similar problem --- The Enable Secure Pages radio buttons (Disable, Enable) were grayed out even though I was successfully accessing this module administration page through a secure link.

My site is hosted on NetFirms, with PHP 5.2.2, MySQL 5.0.77

NetFirms' tech support has advised me to do a check on the $_SERVER['SERVER_PORT'] to ensure it is NOT 80. The PHP info page showed port 15188 was being used for https pages.

So I used the patch provided in reply #30, but modified the SERVER_PORT test from " == '443' " to " != '80' ", and that got the radio buttons to be enabled.

ailgm, 443 is the standard port for SSL, your host is using a non-standard port. This isn't a problem, but the correct change to the code for you would probably be to change " == 443" to "== 15188".

I think the right fix for non-443 server ports would be to add a variable on the settings page to set it to something other than 443 then check for that value in the test. Some setups run apache on port 81 with a reverse proxy, so != 80 could be unreliable there.

I have the same problem – I am getting the error warning: fread(): SSL: fatal protocol error in /home/user/public_html/includes/common.inc on line 474.

I have applied the patch in #30 but it is making no difference.I can access the pages under https as well as http and in fact can select enable under https but still get the same error message.

I am on a shared server running under windows and cannot access anything other than .htaccess so as far as I know cannot apply any suggestions about php.ini, port checking etc - or at least I don't know how to.

I have a shared SSL with a different webaddress for the secure site so maybe it wouldn’t be a problem with own SSl but don’t want to buy a certificate just to try it.

Please help!

Actually #30 leaves out the extra condition that was added in #27. It should include an 'or' clause:($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == '1').

+1 for the suggestion in #35 so that people can enter their host's SSL port if it differs from the standard one.

I sort of think the thread we've got going right here would be a good place to collect all of the problems and solutions regarding function securepages_is_secure().

Another related problem (with fix) here: #578180: HTTP_SSL_CIPHER Not Detected

RE: 27 This patch fixed the problem for me. My server also set $_SERVER['HTTPS'] = 1 instead of "on".

I use 1and1.com as a host, and this fix worked for me.

It was line 248 in my version of the module, but the buttons lit up instantly after I edited the .module file.

Thanks for the fix!!

It worked for me....

1and1 server, and "1and1 Pack Bussiness". I purchased dedicated SSL and with this patch it works!

Thanks!

OK, since it works in many cases, let's call #27 "RTBC" and get at least that one small fix committed. Then we can work separately on other cases where SSL is active on the server but not properly detected by this module.

i agree with #24 and #40 -- a clients 1&1 server is reporting 1 instead of 'on'. Changing this fixed the detection and redirection problem.

Just a random heads up for folks, I wanted to share what worked for me, as I run the Nginx webserver with PHP in FastCGI mode.

I added the following link to the HTTPS server configuration in Nginx:

fastcgi_param HTTPS on;

With that line, any PHP script loaded via HTTPS will have the variable set, and the problem was fixed for me.

Enjoy!

Hi. Just thought I'd chuck in my experiences and say I also had difficulty with Securepages looking for $_SERVER['HTTPS'] == 'on'. I was also getting the infinite redirection problem mentioned in another ticket.

Might it be worth putting in some kind of config variables that define the values of 'HTTPS' and 'on'? I think my set-up was fine with HTTPS but the value of it was '1'.

I have french and english enabled on my site with french as the default.
french => www.example.com
english => www.example.com/en

I'm able to enable secure pages from www.example.com/admin/build/securepages
But I'm not able to enable secure pages from www.example.com/en/admin/build/securepages

Anyone else experiencing this?

As of 9th September 2010, this bug still exists in -dev. The summary is as follows:

Problem: The function securepages_is_secure() does not account for different server configurations, e.g. Apache2, Nginx, etc.

Solution: For most Apache set ups, this patch will solve the problem (See comment #30):
http://drupal.org/files/issues/215876.patch

If you want an easy way to manage patches to drupal modules, download patch_manager.

Documentation for the front page (once the patch goes into a stable release):
If you cannot enable securepages on /admin/build/securepages then you are using a non-standard HTTP configuration and the module has failed to detect an SSL connection. Server specific resolutions:

• nginx; you must add "fastcgi_param HTTPS on;" to your secure servers configuration file.

Sorry, #30 will not take care of the problem on hosts where $_SERVER['HTTPS'] is set to '1', which is happening to many users. Re-rolling #30 on latest dev release to include this additional check.

#29 worked for me.

we have two sites on the same server, one is a cname to the other. the main one works without any issue. the cname'd one required the extra check in #29.

Thanks to Mark B

Many different solutions here .. maybe we can roll them into one new function?

This variation works for me with Aegir on Barracuda/Octopus with nginx/fcgi and wildcard SSL -- using HTTP_X_FORWARDED_PROTO if HTTPS is not set.

/**  
 * Check if the current page is SSL
 */
function securepages_is_secure() {
  return ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ? TRUE : FALSE;
}

I too am having a problem enabling secure pages. This is my first time setting up an Ubercart site so am learning as I go!

Having generated my private key, csr and self-signed key, I then went back to /admin/build/modules and enabled the secure pages module, after which I was prompted to go and enable secure pages at /admin/build/securepages.

At this point I am not able to enable secure pages because the radio button is greyed out. After reading this thread of discussion I don't think this is the reason for my problem as don't think I've got that far!

Having visited the /admin/build/securepages page, I checked my error log and saw this:

vi /var/log/httpd/ssl_error_log 
[Sat Feb 19 09:36:31 2011] [error] [client 67.207.133.154] File does not exist: /var/www/html/admin

Is this file path hardcoded somewhere in a module?

I don't understand what it is I expect to see at this point and how to fix.

Can you help me?

@JeniferTucker It sounds like you're not quite sure how to setup SSL in your web server (Apache I assume). Get this working then access /admin/build/securepages via https. The SSL setup has nothing to do with Drupal or this module which only forces certain pages to https via redirects.

I also ran into the problem with HTTP_X_FORWARDED_PROTO not being supported. Attached is the patch I've been using for a little while now. It essentially accomplishes the same thing as #51.

Hi, I've opened a new issue to centralize this discussion:
#1096744: Document support for proxies and non-standard web server configurations

In the meantime, details on how to configure non-standard servers for securepages can be found here:
http://www.metaltoad.com/blog/running-drupal-secure-pages-behind-proxy

This is what worked for me:

http://www.ubercart.org/forum/support/10407/cannot_enable_secure_pages_m...