Help with SSL
Fmslick
New
Hello,
I'm here to VF v2.8.1 but worked with other forum types out there however I am having an issue with enforcing the use of SSL / https.
I have done some googling or well all day and homework but all that I have found and or try is old and out of date / brakes the site. So could someone point me the right way here for VF v2.8.1?
.htaccess & Config.php are new fresh install to work with.
PS.
I know this is asked and talked about all other the forum but I gotta be doing something wrong or just missing something here so I am willing to be told how to make this work lol.
Thanks.
Tagged:
0
Comments
Welcome to the community! 😄
There is a config setting in Vanilla you can set to enforce SSL links on the app-level. See this discussion for more info: https://open.vanillaforums.com/discussion/comment/256295#Comment_256295
For Apache, you can rewrite all URLs to redirect to https and even have www redirect to non-www and vice versa, too.
Add Pages to Vanilla with the Basic Pages app
Thanks for your reply, I have Allow & ForceSSL both turned on in the config file and added a redirect to my .htaccess file. However its not redirecting (should I say)..
config.php
.htaccess
# Original # If you modify this file then change the above line to: # Modified <IfModule mod_rewrite.c> RewriteEngine On #### # Certain hosts may require the following line. # If vanilla is in a subfolder then you need to specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) #### #RewriteBase / # Make sure that / doesn't try to go to index.php without a rewrite :) DirectoryIndex disabled #### # Deny access to certain directories that SHOULD NOT be exposed. #### RewriteRule (^|/)\.git - [L,R=403] RewriteRule ^cache/ - [L,R=403] RewriteRule ^cgi-bin/ - [L,R=403] RewriteRule ^uploads/import/ - [L,R=403] RewriteRule ^vendor/ - [L,R=403] #### # Prevent access to any php script by redirecting the request to /index.php # You can add an exception by adding another RewriteCond after this one. # Example: RewriteCond %{REQUEST_URI} !^/yourscriptname.php$ # You can comment out this section if it causes you problems. # This is just a nice to have for security purposes. #### RewriteCond %{REQUEST_URI} !/index.php$ RewriteRule (.+\.php) [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L] #### # Redirect any non existing file/directory to /index.php #### RewriteCond %{REQUEST_FILENAME} !-f RewriteRule (.*) index.php [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L] #### # Add the proper X_REWRITE server variable for rewritten requests. #### RewriteCond %{ENV:REDIRECT_X_REWRITE} .+ RewriteCond %{ENV:REDIRECT_X_PATH_INFO} (.+) RewriteRule ^index\.php - [E=X_REWRITE:1,E=!REDIRECT_X_REWRITE,E=X_PATH_INFO:%1,E=!REDIRECT_X_PATH_INFO,L] </IfModule> <IfModule mod_headers.c> <FilesMatch "(?<!embed)\.(css|js|woff|ttf|eot|svg|png|gif|jpeg|jpg|ico|swf)$"> Header set Cache-Control "max-age=315360000" Header set Expires "31 December 2037 23:59:59 GMT" </FilesMatch> </IfModule> # Enforce use of SSL <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] </IfModule>I have found out that My host is using Lightspeed so this could be the issue!!??
[solved]
So I got a hold of my host and they said add this bit to the .htaccess
RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R,L] **** Note: https://www.%{SERVER_NAME}/$1 and not https://%{HTTP_HOST}%{REQUEST_URI} ****Config.php
Issue is fix and all traffic is being forced to SSL / https!
Thanks!