News:

Wondering if this will always be free?  See why free is better.

Main Menu

http/https both work

Started by Sir Osis of Liver, April 15, 2019, 12:45:26 PM

Previous topic - Next topic

Sir Osis of Liver

One of my regulars just contacted me after a while, he's having a problem with paid subscriptions.  Checking his site, he has SSL cert installed, http and https urls both work.  If forum is accessed via http, all links go to http; in https all links remain at https.  repair_settings shows all paths as http.  No idea what he did, don't know if it's affecting paid subs.  How can http and https both be working?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

AlanDewey

I just converted mine to httpS only a couple weeks ago.

The first step for me was to go to   Administration Center »  Server Settings »  Database and Paths   and add the S to the Forum URL. 

When I did that, people could land on http://www.   but all links that they could click on would have them then go to httpS://

Change the "forum url" then hover over everything and see if the link is indeed httpS://......

But, if they started entering login information right away, they would still be on a non-encrypted page.   So, now to force them to use httpS://   is done in IIS configuration  (for those of us using windows server and IIS10 (also works on my old server with IIS7. ) 

Causing lots of electrons to push each other around since 1985.

Kindred

AlanDewey -- Sir Osis is aware of the method and actions.

What he's asking is How can the forum be using either/or.
By definition, the forum URL is set to one or the other...

and I didn't think that SMF supported protocol relative URLs
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

GigaWatt

Quote from: Sir Osis of Liver on April 15, 2019, 12:45:26 PM
How can http and https both be working?

Redirects in htaccess ???... probably ???... or not having any ???.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Sir Osis of Liver

If you go to packsearchers.com you arrive at http://packsearchers.com/forum/, all links remain at http.  If you change any url from http to https, all links remain at https.  There's an .htaccess redirect in /public_html that redirects the domain to /forum -



RewriteEngine on
RedirectMatch ^/$ /forum/



It's been there a while and works, but that's all it does.  repair_settings reports all paths as http.  The SSL cert was installed by host, I'm guessing that nothing else was done to complete the conversion to https, but don't understand why both http and https urls work.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

shawnb61

My understanding is that if https is enabled & a cert is installed, apache will serve up either, depending on the request.  (And depending on your apache config...)

But how do themes, avatars, etc. end up https as well?   loadTheme() in Load.php actually has logic that, if it was loaded via https, changes all the board, theme, avatar settings, etc., in memory to https ~lines 1950-1974. 

The only way to force it to always go https is with a redirect.  Without the redirect, they both work.

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Sir Osis of Liver

I'll try to find out what he did, but I suspect host installed cert and he left it at that.  Meanwhile, shouldn't break the forum to set everything to https with repair_settings.  One odd thing, there's a .htaccess.txt file in account root (above /public_html), looks like someone tried something and took it out -



RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Advertisement: