Cannot Enable Secure Pages

Is everyone as stumped as I am with this issue?

-Mike

I should mention that PHP has openssl compiled with it. The SSL cert is installed properly, and I can get to the site from the initial page https://domain, but nowhere else.

-Mike

Ok, I seem to have tracked it down somewhat - it has something to do with clean urls being enabled.

I should probably mention that my clean urls are enabled by having rewrite rules in apache for them - I assume the issue would be the same with an .htaccess file, but I guess I will need to test that.

-Mike

There should be a like in the description which will allow you to go to the ssl version of this page, and then you will be able to enable securepages

Actually, the issue is with Clean URLs and Secure Pages - apparently they do not work together.

-Mike

I am using clean url's on all my sites and I am having no problems.

Gordon;

Which versions of each are you using?

-Mike

I am using the latest version at many sites.

I am using the latest version at many sites.

This is still a problem. Is there a workaround yet?

The site I am working on and all its links work well with both http: and https: protocols. Clean URLs are enabled. No caching involved (yet).

NOTE: Disabling Clean URLS and the path module did not help in allowing to enable this module. Cannot get the "enable" radiobutton to become clickable.

Running CVS drupal and modules (Tag:Drupal-5)

I am having exactly the same problem as above. The radio button to enable is simply greyed out and can't be selected.

I have all the same settings as above. Any suggestions would be greatly appreciated.

Adrian

Generally if this checkbox is greyed it is because it cannot verify that SSL is enabled on your site.

The easiest way to get around this is to goto the ssl version of the page and then it will not be greyed out.

I try that by clicking the link and the page changes without problem to https://... but it is still greyed out. I have my own ssl (i.e. it's not shared).

I have even today tried updating to drupal version 5.9 and I have tried both the stable and development versions of secure pages.

The main reason I need it is for the ubercart module so I can force the payment page to https. I could have the whole site https but then people using IE6 or 7 get the constant warning on every page about secure and unsecure items.

I am at a total loss!

Give the Dev version a go, I have don't a heap of changes that may fix this.

Gordon.

I already tried that I'm afraid. Exactly the same. Not sure if it's important but I don't run my site from the root. It is run from http://www.example.com/drupal/ (base url in settings.php is correct) Not sure if that's important.

Thanks

Adrian

I am having the same problem! Its driving me crazy!

I have tried all kids of Rewrite modifications in .htaccess - but with no luck.

I just need to get a couple of nodes (pages) set to a https - and I can't enable Secure Pages.

There are 2 reasons why you can't enable secure pages.

1. Drupal is not set up to go to https version of the site.
2. the $_SERVER['HTTPS'] is not being set to 'on'

So if you go to the secure version of your website you should be able to enable secure pages. If you are in https://example.com/admin/settings/securepages and you can't enable secure pages then $_SERVER['HTTPS'] is not set to on

Gordon.

Where do I enable:
1. Drupal is not set up to go to https version of the site.
2. The $_SERVER['HTTPS'] is not being set to 'on'
I have enabled the secure page mod, but it is grayed out. I am using Drupal 6.x with clean URLs

I am using
Drupal 6.x
PHP Version 5.2.4-2ubuntu5.3
MYSQL Server version: 5.0.51a-3ubuntu5.1
Ubuntu Server Hardy

https works fine on port 443 with the site I hade up before I used Drupal. I hand coded that one in php. It also worked if I did not use clean urs and typed in https://mysite.com.

I am really lost here. Please help

All the best.

hi,

Basically with securepages not enabled you should still be able to go to the secure version of your site. ie. https://www.example.com and the site will work as normal.

If from the https version of the site you can go to the secure pages settings and it will allow you to enable it.

If you are at https://www.securepages.com/admin/settings/securepages and you cannot still enable it then if you look at the phpinfo

and look at the bottom on the https version will see the PHP Variables and there should be an entry for _SERVER['HTTPS'] see if the value is set to on.

If that is still not correct then there is bigger problems than securepages.

Gordon

Hey Gordon,
It may be helpful to remember in the future that you can direct people the the built-in Drupal phpinfo. Click on the php version number in the status report. Here's the URLs:

D5
https://www.example.com/admin/logs/status/php

D6
https://www.example.com/admin/reports/status/php

HTH
-Cedar

I am experiencing a similar problem as stated above by others. The Enable Secure Pages radio buttons (Disable, Enable) are grayed out even though I am successfully accessing this module administration page through a link like https://www.myexample.com/admin/settings/securepages.

My site is hosted on:
FreeBSD
Apache 2 with OpenSSL support
PHP 4.47
MySQL 5.0.24

Looking at the discussion and the code, my php implementation requires that $_SERVER['HTTPS'] is on. But this implementation of PHP in Apache 2 does not display the $_SERVER['HTTPS'] variable. I can tell this by displaying the results of phpinfo() in a test drupal page.

Is there a way to use the SERVER_PORT environment variable instead?

Thanks

In my setup, I get $_SERVER['HTTPS'] set to on if I go to the page using its IP address, but not if I refer to my server by name. Anybody know why that might be?

I take it back. The Drupal php status page is only a partial phpinfo().

I had the same problem.

I've fix it. In file securepages.module line 312, function securepages_is_secure()

$_SERVER['HTTPS'] == 'on' changed to $_SERVER['HTTPS'] == '1'

return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == '1') ? TRUE : FALSE;

Automatically closed -- issue fixed for two weeks with no activity.

We have an ubercart site Send My Card that sends birthday cards. This has been driven me crazy. Many thanks, this solved my issue. We have our own certificate on shared 1and1 hosting.

I don't think this can really be considered fixed, since the bug remains. On some hosts $_SERVER['HTTPS'] is set to "on", and on others it's set to "1". The function should check for either value so that SSL is properly detected anywhere.

That worked for me - great, thanks!

My host doesn't set $_SERVER['HTTPS'] on a secure connection - they set $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'. A bit of research shows that there is quite a variety of ways to indicate whether a given connection is secure.

To make this work with our host, I've used PHP's auto-prepend function to translate our host's variable. I've created a page ssl_check.php:

and added a call to it in my site's php.ini:

Different host configurations may need this adding to .htaccess instead of php.ini (although the .htaccess syntax is slightly different)

I also ran into this - attached patch incorporates #27 and an additional check for SERVER_PORT.

Basically the same problem solved by ip_address() in Drupal core. Anyone feel like trying to get HTTP_X_FORWARDED_PROTO handling into core? When/if we ever get https stuff into core, that will probably be the time... :) Until then, Mark's solution looks like it should work nicely.