By rentex on
1. How to test enforced redirection for the ?q=user page, so that even if a web site normally runs on HTTP, it will always use HTTPS (SSL) on the login page?
2. The user creation and user account pages should also be under enforced SSL.
3. What about sites that have login on the front page, and the front page does not use SSL? How to ensure that the username and password is sent securely?
Comments
I
I
In short words
Which rule to use in the htaccess-file if I want only the login-page to be under https?
How exactly would the final result look like, after the relevant rule was applied correctly?
And if I also want the registration page to be under https?
This is how far I came, but I didn't get it working yet
Greatfull if anyone could help:-)
the following works for me
the following works for me (using a login url).
Same here...
I'm struggling with I think the same issue. I want basically login and anything that's done while logged in (I think) to be done on https but not regular browsing by those not logged in, if that makes sense.
//Magnus
Interesting, but not exactly what I meant
That would be interesting to know how to do: SSL (https) only while logged in.
But I only want SSL while I login (the password/username which is transmitted over the internet is the only thing I'd like to be under encryption).
You need to set up HTTPS
You need to set up HTTPS serving on your web host first. That's a complex procedure, but there are lots of howtos out there.
Then block /user through .htaccess or Apache conf files for the non-HTTPS connection. That's easy.
The hard bit will be setting up HTTPS and then persuading Drupal to work over it. (relative links &c.)
Probably easier to accept the fact that interception is VERY unlikely, or write a custom login module which uses HTTPS frames.
-- Version Control your Drupal web site with The File High Club's Free Trial!
Thank you
Thank you.
HTTPS/SSL is ready on my server, and it's fully functional.
How to block /user through .htaccess or Apache-conf-files for the non HTTPS connection (does this also redirect those who go at http://.../.../user to HTTPS)? Could you please post an example-rule (piece of code) that actually works in combination with Drupal?
two resources:
An issue, with patches. http://drupal.org/node/1577 to make this easier in Drupal
A howto, very detailed and very good: http://drupal.org/node/53567
---
Professional | Personal
| Sympal: Development and Hosting