eZ Community » Forums » Install & configuration » https on login page
expandshrink

https on login page

https on login page

Wednesday 04 December 2013 7:04:52 pm - 6 replies

Hi everyone,

How it is possible to use https only for the login and registration page? (/user/login and /user/register)

Cheers

Nazanine

Thursday 05 December 2013 6:22:00 pm

Hi,

You can selectively enable SSL using the [SSLZoneSettings]ModuleViewAccessMode settings in site.ini. See:

http://doc.ez.no/eZ-Publish/Technical-manual/4.x/Reference/Configuration-files/site.ini/SSLZoneSettings/ModuleViewAccessMode

Friday 06 December 2013 4:43:27 pm

Thank you Peter,

There is a problem although i everything seems correct on my configuration:

 

I have added on my siteaccess:

[SSLZoneSettings]

SSLZones=enabled

SSLSubtrees[]=/user

ModuleViewAccessMode[user/*]=ssl

 

Then I enabled ssl mod on the server,

And I added at the end of my virtualhost:

 

 

<VirtualHost *:443>

       ServerAdmin webmaster@localhost

       ServerName www.mysite.com

       DocumentRoot /var/www/ mysite /ezpublish_legacy

       <Directory /var/www/ mysite /ezpublish_legacy>

       </Directory>

       CustomLog ${APACHE_LOG_DIR}/logmysiteOfficiel/ssl_access.log combined

       SSLEngine on

       SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem

       SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key 

</VirtualHost>

 

But when I accede the login page It stops working:

In browser I have: This webpage has a redirect loop

 

 

And on my apache logs :

"GET /mysiteaccess/user/register HTTP/1.1" 302 777 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"

 

If i try to connect my site via ssl mode manually ('https://www.mysite.com') . i got a 403 forbidden error.

 

 

Can you please help if all of these can give you some idea???

Modified on Friday 06 December 2013 5:28:43 pm by nazanine ahmadi

Monday 09 December 2013 3:34:39 am

Are you using URL or hostname access?

Monday 09 December 2013 9:45:14 am

Hi Betsy , 

I am using Host name access.

Saturday 14 December 2013 2:10:18 am

It sounds like an Apache configuration issue, probably RewriteRules.

You might get some helpful information from the RewriteLogs, setting them to collect as much information as possible until the issue is resolved, then remove them.

Another idea would be to use curl on the command line to see where the redirect is pointing, like this:

 [tmp]$ curl -I http://edit.mysite.com
HTTP/1.1 302 Found
Date: Sat, 14 Dec 2013 01:05:03 GMT
Server: Apache
Location: https://edit.mysite.com
Content-Type: text/html; charset=iso-8859-1

edit.mysite.com forces all requests through HTTPS, because it is an admin interface.

The .htaccess code looks like this:

 RewriteCond %{SERVER_NAME} ^edit
 RewriteCond %{HTTPS} =off [NC]
 RewriteRule .* https://edit.mysite.com [L]

Thursday 13 February 2014 4:25:55 pm

Hi Nazanin,

Have you found a solution for your problem.??

I got the same problem but only when i try to be connected with chrome and safari..

Thx.

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from