Hi,
Or you can take a look the securepages module which will transfer you between http and https
Gordon.
Mark Shropshire wrote:
I had the same questions a year or so ago. Most of the time folks told me to change the base url to https, but that of course forces ssl across the entire Drupal site which isn't very efficient if you don't need ssl on the entire site.
A friend passed this code on to me and I am sorry to say I am not sure where it came from originally, but I have greatly benefited from it on my Drupal sites. Just replace the base url line in sites/default/settings.php with this code:
*$base_url = 'http://localhost%27;*
*if (!strcasecmp(substr($_SERVER['REQUEST_URI'],0,5),'/user') && !isset($_SERVER['HTTPS'])) {*
- header("Location: https://" . $_SERVER['HTTP_HOST'] .
$_SERVER['REQUEST_URI']);*
- exit();*
*}* *if (!strcasecmp(substr($_SERVER['REQUEST_URI'],0,5),'/user')) {*
- $protocol = "https";*
*}* *else {*
- $protocol = "http";*
*}* *$base_url = $protocol . "://yoursite.domain.com";*
Make sure to change the list line to your web site base url. This code will force a redirect to an https session for requests to the /user are in Drupal which covers logins. Make sure to turn off the login block as this code does not protect the block. The cool thing about this bit of code is that it can be extended to redirect other areas of Drupal to https as needed.
I hope this helps.
Thanks! Mark
On Jun 12, 2006, at 3:46 AM, dondi_2006 wrote:
Greetings,
I've just realized that (at least with default settings) the admin section of a drupal website is accessible via normal http, that is, I guess also the password when I login is transmitted in plain text.
How do I make sure that all admin pages and those only, are sent via https, and that username and passwords are sent encrypted from the browser?
TIA, O.
-- [ Drupal support list | http://lists.drupal.org/ ]
!DSPAM:1000,448d5efd315934455618576!