HTTPS Redirect

Submitted by pcfreak30 on Tue, 01/19/2016 - 17:08

The site needs a forced https redirect for both security and the fact you appear logged out switching between http and https. Example is viewing a ticket I am asked to logged, but when doing so I am already logged in as the link goes to https.

Status: 
Closed (fixed)

Comments

Submitted by andreychek on Tue, 01/19/2016 - 17:14

Thanks for the suggestion, I will look into setting that up.

Joe's picture
Submitted by Joe on Fri, 01/22/2016 - 22:30 Pro Licensee

Yes, I think this will have to happen. I don't really like the way Drupal handles sessions now, but I guess there's no harm in going all SSL all the time for all users. I've already enabled redirects for virtualmin.com (no www) and new.virtualmin.com (which existed for a little while to help folks who'd found themselves with outdated DNS, and has oddly and confusingly stuck around due to issue notifications from users who got to the site that way).

Joe's picture
Submitted by Joe on Sat, 01/23/2016 - 01:50 Pro Licensee

Status: Active ยป Fixed

Welshman's picture
Submitted by Welshman on Sat, 01/23/2016 - 10:23

.htaccess can take care of it.

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

May have my wires crossed here but that will force https.

Submitted by andreychek on Sat, 01/23/2016 - 10:27

Thanks :-)

We know how to do a redirect, that just comes with other complications that we're trying to fully consider before implementing such a thing. There's a few concerns there, including the additional resource requirements of having all traffic due SSL. But we're thinking this new server should be able to handle that!

Joe's picture
Submitted by Joe on Sat, 01/23/2016 - 10:48 Pro Licensee

Y'all know y'all commenting on a "fixed" thread, right? ;-)

We're all SSL all the time now. At least, I think we are. Maybe y'all see something I don't?