Hey Everyone,I currently run phpbb and there is no facility to force SSL during logins only - it's only full-time SSL or not. Because I have to encrypt logins, I do the following in my .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
This essentially forces full-time SSL, which is kinda ok, but I'm
running into weird phpbb quirks (SSL write delays) so I'd like to try
and enable SSL only during logins.
Since it is difficult to manipulate the protocol section of the URL in the phpBB code (http/https), I am thinking of appending a url variable whenever a user is redirected to the logon page that would look like this:
https://mysite.com/forums/posting.php?mode=post&f=3&ssl=trueAnd my hope was that I could have the rewrite mod look at the url and see if it contains ssl=true, and if so, force https.
Seem doable? I would think searching a URL should be pretty simple, but I am not very well versed in regular expressions. I was hoping someone could help me write the rewrite condition to search for a string.
Thanks! Mike --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|