Thread: Force https
View Single Post
  #1  
Old 30th March 2012, 18:44
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Lightbulb Force https

Hi ISPConfig Devs,

I am currently in the re-customization phase after the latest ISPConfig 3 Update.

I am using a .htaccess file to enforce SSL on the subdomain of the control-panel. For me this is not the most elegant way of solving the problem.
Roundcube has a nice variable called "force_https". If it is true ssl is enforced.

The implementation in the index.php (of Roundcube 0.8 beta):

Code:
// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
  $https_port = is_bool($force_https) ? 443 : $force_https;
  if (!rcube_https_check($https_port)) {
    $host  = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
    $host .= ($https_port != 443 ? ':' . $https_port : '');
    header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
    exit;
  }
}
This way it would work "out-of-the-box" without .htaccess file in Apache and nginx.
I hope this could be taken into consideration for the next minor release.

Feature Request: http://bugtracker.ispconfig.org/inde...ls&task_id=215

Greatings from Germany,
Christian

Last edited by cfoe; 30th March 2012 at 21:05. Reason: added link to feature request
Reply With Quote
Sponsored Links