[support] how to make drupal admin section https only?

Gordon Heydon gordon at heydon.com.au
Mon Jun 12 12:44:23 UTC 2006


Hi,

Or you can take a look at the securepages module which will transfer you 
between http and https

http://drupal.org/node/65632

Gordon.

Mark Shropshire wrote:
> I had the same questions a year or so ago. Most of the time folks told 
> me to change the base url to https, but that of course forces ssl across 
> the entire Drupal site which isn't very efficient if you don't need ssl 
> on the entire site.
> 
> A friend passed this code on to me and I am sorry to say I am not sure 
> where it came from originally, but I have greatly benefited from it on 
> my Drupal sites. Just replace the base url line in 
> sites/default/settings.php with this code:
> 
> $base_url = 'http://localhost';
> 
> if (!strcasecmp(substr($_SERVER['REQUEST_URI'],0,5),'/user') && !isset($_SERVER['HTTPS'])) {
>   header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
>   exit();
> }
> if (!strcasecmp(substr($_SERVER['REQUEST_URI'],0,5),'/user')) {
>   $protocol = "https";
> }
> else {
>   $protocol = "http";
> }
> $base_url = $protocol . "://yoursite.domain.com";
> 
> Make sure to change the last line to your web site base url. This code 
> will force a redirect to an https session for requests to the /user area 
> in Drupal which covers logins. Make sure to turn off the login block as 
> this code does not protect the block. The cool thing about this bit of 
> code is that it can be extended to redirect other areas of Drupal to 
> https as needed.
> 
> I hope this helps.
> 
> Thanks!
> Mark
> 
> On Jun 12, 2006, at 3:46 AM, dondi_2006 wrote:
> 
>> Greetings,
>>
>> I've just realized that (at least with default settings)
>> the admin section of a drupal website is accessible
>> via normal http, that is, I guess also the password
>> when I login is transmitted in plain text.
>>
>> How do I make sure that all admin pages and those only,
>> are sent via https, and that username and passwords are
>> sent encrypted from the browser?
>>
>> TIA,
>> O.
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
> 
> 
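
A hardened variant of the settings.php redirect quoted above, as an added example that is not part of the original thread. It assumes yoursite.domain.com (the thread's placeholder) is the canonical host and that /user and /admin are the areas to protect; the variable names are illustrative.

```php
<?php
// Added example for sites/default/settings.php; not code from the thread.
// Assumption: yoursite.domain.com (the thread's placeholder) is the canonical host.
$canonical_host = 'yoursite.domain.com';

// Assumption: path prefixes to force onto HTTPS; extend as needed.
$secure_prefixes = array('user', 'admin');

// Some servers set HTTPS to "off" for plain HTTP, so isset() alone can misreport.
$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

// Drupal receives its path in ?q= (clean URLs are rewritten to it);
// fall back to the URI path when q is absent or not a plain string.
$path = (isset($_GET['q']) && is_string($_GET['q']))
  ? $_GET['q']
  : parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$path = strtolower(trim((string) $path, '/'));

// Match whole path segments: "user/login" matches, "userguide" does not.
$needs_https = FALSE;
foreach ($secure_prefixes as $prefix) {
  if ($path === $prefix || strpos($path, $prefix . '/') === 0) {
    $needs_https = TRUE;
    break;
  }
}

if ($needs_https && !$is_https) {
  // Build the target from the fixed host, not the client-supplied Host header.
  header('Location: https://' . $canonical_host . $_SERVER['REQUEST_URI'], TRUE, 302);
  exit();
}

$base_url = ($needs_https ? 'https' : 'http') . '://' . $canonical_host;
```

Pages that stay on http still carry the session cookie in the clear, so this protects the password at login rather than the logged-in session.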

