[support] how to make drupal admin section https only?
Mark Shropshire
mdshrops at shropnet.com
Tue Jun 13 21:57:33 UTC 2006
I just installed securepages module and tested it. It appears to work
similar to the solution I had for settings.php where it redirects the
https after the http page start to generate. It comes loaded with the
following patterns that it redirects to https:
node/add*
node/*/edit
user/*
admin*
This part works kind of like block visibility. There is also a
checkbox to switch back to http when a match from the list above is
not made. I am very pleased with how this works and will switch my
sites over to use this as opposed to the settings.php code changes I
mentioned. I really like the way this is setup. Great job Gordon! I
did notice that since admin* was already in the default list, my
first test on a localhost drupal site was problematic since I didn't
have ssl setup there and I couldn't get back into admin to turn off
securesites. I then tested on a server with ssl and it worked perfect.
On a related note, I just finished listening to the latest lullabot
podcast and Jeff, Ted and Matt were interviewing Gordon. He mostly
talked about ecommerce and then mentioned securepages! Kind of since
we have been discussing it. This module has really been needed and is
important for sites that have ecommerce, ldap integreation (like me)
and other needs to encrypt traffic.
Hope this helps!
Thanks,
Mark
PS. I attached a screenshot of the settings page. I am not sure if it
will go to the list, but we will see.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture 1.png
Type: image/png
Size: 36992 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/support/attachments/20060613/ac9140aa/Picture1-0001.png
-------------- next part --------------
On Jun 13, 2006, at 5:17 PM, dondi_2006 wrote:
>
>> Gordon can comment on his module, but anytime you want to be sure you
>> are encrypting from one page to another is to check the url in the
>> <form action=.... statement. If the url has https:// you are posting
>> via ssl.
>
> I know. I am asking because I probably won't have the possibility
> to install the module and test it before saturday...
>
>> Once Drupal realizes that you are requesting a page that needs
>> https://,
>> it redirects you immediately.
>
> Yes, but it should realize it _before_ I request it. That is, it
> should
> generate html code with an https URL every time it (re) generates a
> page
> with a form pointing to the admin section. Even if it won't be used.
> This was the sense of my question. Is this what actually happens
> with that
> module?
>
> TIA,
> O.
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
More information about the support
mailing list