/admin in https

Hi,

Is there a way to make the /admin into https and everything else in http ?

Thanks

On Wednesday 20 September 2006 21:10, Beber wrote:

> Hi,
>
> Is there a way to make the /admin into https and everything else in http ?

I do this on the Apache side using redirects, but it isn’t pretty.

TX

Trejkaz

On Wednesday 20 September 2006 21:10, Beber wrote:

> > Hi,
> >
> > Is there a way to make the /admin into https and everything else in http ?
>
> I do this on the Apache side using redirects, but it isn’t pretty.

I tried that and with ProxyPass setting and it only fails. Could you
paste me your redirection ?

Thanks

On 9/21/06, Beber wrote:

> paste me your redirection ?

Sooner or later I’d like to make this a config option--if it’s set,
then Typo generates all /admin URLs with https://. That’d probably be
easier. Feel free to submit a patch :-).

Scott

Scott,

I believe that the rails team has already done this for you :)

In the httpd.conf in your <VirtualHost *:443> record add this

RequestHeader set X_FORWARDED_PROTO "https"

Then all of your url_for() will correctly render https or http depending on
the RequestHeader parameter

I’m not a sys admin … Nor do I play one on TV… This is where I learned
about this little gem. (Also I should mention that we are running apache 2/Mongrel Rails)

http://www.planetrubyonrails.org/show/feed/60

-Linda D.

In my case we turned the entire site into https, so that solved my problem.

(Did I mention that I’m not a sysadmin :)
where is the flaw in this logic?
Add proxy pass for /admin /accounts in the *:80 record to the https urls.
Add the X_FORWARDED_PROTO to the :443 record.

My thought is that if rails produces a /admin or /accounts url with http
then the proxypasses will convert it to https.

Unless your point is that once in https there is no way to return to http?
So you would end up putting proxypasses in https to point /articles etc to http.

-Linda

That’s part of the issue, but it’d be nice if every link to /admin
(or /accounts) used https while non-authenticated links still use
http. That’s a bit harder to do from Apache.

Scott

On 22/09/2006, at 05:23 AM, Scott L. wrote:

> That’s part of the issue, but it’d be nice if every link to /admin
> (or /accounts) used https while non-authenticated links still use
> http. That’s a bit harder to do from Apache.

Part of the problem I had with this kind of trick from Apache was
that the admin interface still links to various resources
(stylesheets, image files) which are outside the /admin URL scheme.
So I had to put in a whole set of extra rules to make those ones not
auto-redirect back to http:, otherwise browsers would give a bunch of
security warnings (displaying non-secure resource from secure page,
etc.)

TX

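An application-side version of the /admin and /accounts rule discussed in this thread, as an added example that is not code from Typo, Rails or any poster. It assumes a Rack-style server that exposes the X_FORWARDED_PROTO header set on the :443 vhost as `env["HTTP_X_FORWARDED_PROTO"]`; the class name `AdminHttpsOnly` and the host `blog.example.org` are hypothetical.

```ruby
# Added example, not code from Typo or Rails. Assumes Apache sets
# X_FORWARDED_PROTO on the :443 vhost as described in the thread, which a
# Rack-style server exposes as env["HTTP_X_FORWARDED_PROTO"].
class AdminHttpsOnly
  SECURE_PREFIXES = %w[/admin /accounts].freeze

  # host is configured, not read from the request's Host header, so a forged
  # Host cannot steer the redirect to another site.
  def initialize(app, host:, prefixes: SECURE_PREFIXES)
    @app = app
    @host = host
    @prefixes = prefixes
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    return @app.call(env) if !secure_path?(path) || https?(env)

    # Only safe methods are redirected; a POST that arrived over http has
    # already exposed its body, so refuse it instead of replaying it.
    unless %w[GET HEAD].include?(env["REQUEST_METHOD"])
      return [403, { "Content-Type" => "text/plain" }, ["HTTPS required\n"]]
    end

    query = env["QUERY_STRING"].to_s
    location = "https://#{@host}#{path}"
    location += "?#{query}" unless query.empty?
    [301, { "Location" => location, "Content-Type" => "text/plain" }, []]
  end

  private

  # Trust the header only because the proxy sets it; the :80 vhost must
  # overwrite or unset it so a client cannot send "https" itself.
  def https?(env)
    env["HTTP_X_FORWARDED_PROTO"].to_s.strip.downcase == "https"
  end

  # Match whole path segments: /admin and /admin/x, but not /administrator.
  def secure_path?(path)
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end
end

if __FILE__ == $0
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
  guard = AdminHttpsOnly.new(app, host: "blog.example.org") # constructed host
  p guard.call({ "REQUEST_METHOD" => "GET", "PATH_INFO" => "/admin", "QUERY_STRING" => "" })
end
```

Stylesheets and images outside /admin are passed through on whichever scheme they were requested with, so pages served over https still need their asset links generated as https to avoid the mixed-content warnings mentioned above.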