HTTPS Re-direct

[bswinnerton]

Hi guys,

I'm running into a little bit of trouble. I just bought a ssl certificate specifically for my webmail. I want it so that whenever someone tries to use port 80 to get to my webmail it automatically re-directs to my https site.

I can't make a new index.html with a meta redirect in it because i'm assuming in the index.php file there is something pointing to / as opposed to /index.php. So what happens is it brings me right back to the login screen once i click login.

I also can't do a php redirect because it just makes a loop. Does anyone have any ideas?

Thanks

[methilnet]

In index.php, right before

Code: [Select]

// application constants
define('RCMAIL_VERSION', '0.1');

add this

Code: [Select]

if ($_SERVER['SERVER_PORT'] !== 443) {
  header("Location: [url]https://www.example.com/"[/url]);
}

That should do it

[bswinnerton]

No, that just makes a loop. I get the error from my browser.

[methilnet]

oup typo!

"!=" instead of "!=="

Code: [Select]

if ($_SERVER['SERVER_PORT'] != 443) {
  header("Location: [url]https://www.example.com/"[/url]);
}


[bswinnerton]

I don't think that was a typo. For some reason the browser just comes back with a message and says that it can't display the page because it will just go into a continous loop. Even with the two ==

[jimcavoli]

You can definitely do a php redirect, try something maybe analyzing the request protocol more like

Code: [Select]

if(substr($_SERVER['SERVER_PROTOCOL'],0,5) != "HTTPS") {
  header("Location: [url]https://www.yoursite.com/path/to/login/"[/url]);
}
The other thing you could do is just let them request the login page over HTTP on 80, but make the form action go go "https://..." and then the data will be submitted securely from the form, and then the user will be on an SSL connection.

[bswinnerton]

After doing this, here is the message I get from firefox:

Code: [Select]

Redirect Loop
   
   

     

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

   


   
   

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

  * Have you disabled or blocked cookies required by this site?
  * NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.

[bswinnerton]

What kind of script can i use for the form action?

[cornbread]

You can definitely do a php redirect, try something maybe analyzing the request protocol more like

Code: [Select]

if(substr($_SERVER['SERVER_PROTOCOL'],0,5) != "HTTPS") {
   header("Location: [url]https://www.yoursite.com/path/to/login/"[/url]);
}
The other thing you could do is just let them request the login page over HTTP on 80, but make the form action go go "https://..." and then the data will be submitted securely from the form, and then the user will be on an SSL connection.

how can we do this? I would love to know! TIA

[bswinnerton]

Here is what I got to work:

Put this in the .htaccess file on the roundcube folder


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

[jimcavoli]

To make a secure form submission, edit your skin's /templates/login.html file, find the line that starts the login form. It looks like this (for the default theme, its on line 39):

Code: [Select]

<form name=&quot;form&quot; action=&quot;./&quot; method=&quot;post&quot;>
Change it to this:

Code: [Select]




[bswinnerton]

So which of these two ways would be more secure?