I have a Joomla 3.3.0 installation running on a webserver without any SSL configuration or a cert. When I try to log in in the administrator area under /administrator, I get an ERR_CONNECTION_TIMED_OUT after some seconds of loading because I get redirect to https://.
The config file contains the following statement:
public $force_ssl = '0';
Is there any other setting i have to turn off to fully disable SSL?
Edit: The form of the login page is pointing at a HTTPS url:
<form action="https://www.domain.com/administrator/index.php" method="post" id="form-login" class="form-inline">
Following extensions are installed:
There are 4 places you will need to check:
Check your .htaccess file - an entry forcing SSL might be there
If you have any security extensions, try disabling them from phpMyAdmin
Check with your host if they are forcing SSL on the "administrator" folder at the server level (this is a remote possibility, but it could happen).
Go to "Extensions" -> "Modules" and then, on the left, filter as "Administrator" (change from "Site" to "Administrator"), and then search for "Login", and then click on the "Login" module, and then change "Encrypt Login Form" to "No", and then click on "Save".
Related
Using Apache I created an HTTPS site that contains a folder called secure [which I want to access with user and password] and another folder called verysecure [which I want to access with certificate authentication].
When I access the site using https://www.example.com I get the default index.html file located in the root, as would be expected. When I access https://www.example.com/secure/ I provide the user and password and get the index.html file located in that folder. When I access https://www.example.com/verysecure/ the certificate popup window allows me to choose the certificate that I want to use and upon doing so I get the index.html file located in that folder.
How can I configure Nginx so that the certificate chooser pop up window comes only when I access https://www.example.com/verysecure/ and not when I access https://www.example.com/ or https://www.example.com/secure/ ?
According to this thread from official nginx development forum, you can't (although this thread is almost 10 years old, SSL/TLS re-handshake still doesn't supported by nginx). The only workaround suggested by Igor Sysoev is to use an optional client certificate verification
ssl_verify_client optional;
and then checking the $ssl_client_verify variable value:
location /verysecure/
if ($ssl_client_verify != SUCCESS) {
# deny client
return 403;
# or process the request on some internal location, see
# http://nginx.org/en/docs/http/ngx_http_core_module.html#internal
# rewrite ^ /internal last;
}
...
}
However using this workaround the certificate chooser window will popup (only for clients who had the correct certificate installed) on the initial TLS handshaking, not only on visiting the /verysecure/ URI.
I'm being asked to redirect a website to https once an SSL certificate is installed. It's a wordpress site and this should be very easy, you simply go to settings and change the http to https, and/or install a plugin to manage everything for you and change all of the "http" in your files for "https".
The certifiate came with problems that the host fixed gradually (it wouldn't pass any test on qualys SSL Labs). However for some reason they sent me an e-mail stating that the certificate is made for the "www version of the site". this site didn't have "www" in it's address.
The non "www" version now redirects to the "www" version but I just cannot get a green padlock. Oddly enough, I did get one refreshing the page a few times and when I did it was all messed up. If I check the page source some stylesheet links for example look for the https:// no www version of the page and this is probably the problem right?
Should I just change manually all of the links in the page or ask the host not to create a certificate for a www version of this website when it didn't have that in the first place?
/* EDIT */
I get this in the console before an error for every single url in the page for images and stylesheets, etc.
Redirecting navigation because the server presented a certificate valid for www... but not for "non www version" To disable such redirects launch Chrome with the following flag: ...
I use XAMPP 1.7.3. Apache and MySQL installed. Nothing else.
Apache installed on default port 80. Clicking on Admin next to Apache opens http://localhost/xampp/. Which works as expected.
I navigated to xampp/apache/conf/httpd.conf and edited it. Set Listen 8080. Now http://localhost:8080/xampp/ works as expected but the Admin button still opens http://localhost/xampp/ which does not open anything. I have restarted the computer after doing so with no results.
How to make XAMPP apache admin open localhost:8080/xampp ?
The port that the Admin button references is configurable. In the XAMPP install folder there is a xampp-control.ini file. Changing the Apache entry under [ServicePorts] will affect the url the Admin button opens.
[ServicePorts]
Apache=8080
I believe the admin button will open the default configuration always. It simply contains a link to localhost/xampp and it doesn't read the server configuration.
If you change the default settings, you know what you changed and you can enter the URL directly in the browser.
you can get loccalhost page by writing localhost/xampp or by writing http://127.0.0.1 you will get the local host page. After starting the apache serve that can be from wamp, xamp or lamp.
Steps using XAMPP GUI:
Step-1: Click on Config button
Step-2: Click on Service and Port Settings button
Final step: Change your port and Save
I agree and found this file under xammp-control the type of file is configuration.
When I changed it to 8080 it worked automagically!
Open XAMPP look below the X to close the program there is a Config option click it then click service and port settings then under Apache change your main port to whatever you changed it to in the config file then click save and your good to go.
This has taken me hours already.
I've a new server with a fresh PLESK 10 installation. Now subdomains are handled differently in PLESK 10, that I know (not domain.tld/subdomains/httpdocs but domain.tld/httpdocs_subdomain for instance).
Now, I got a subdomain working over HTTP perfectly. However, when I change it to https://subdomain.domain.tld it just gives me a Default page.
In older versions, one could select "use one directory for both http and https" but PLESK 10 seems to make no difference anymore. However... Why do I get a Default Page when using https? And more important: How to fix this?
I hope someone can help me out!
Plesk 10 changes the way it manages http and https.
Both http and https point to the same directory now.
When you create a subdomain in Plesk 10, a directory is created in your http root and in the subdomains folder, so say you create a subdomain called "secure", you'll get:
/secure
/subdomains/secure
As for your issue, is SSL enabled for that subdomain?
Within Plesk 10 ensure you have SSL enabled:
Website & Domains
Click on your subdomain
Check Enable SSL Support
Maybe its easy:
Open Plesk
Click on required Domain
Click on File Manager
Click Sub Domain Folder.
Click Add File
Give the path and Click on some buttons.
It does not matter if you are using plesk with https ot http, because even configured over SSL it always fetch the files from httpdocs folder.
I have a site on joomla and I want to make some specific pages works by secure connection ,
other by simple http connection. Is there some step-by-step manual how to setup apache and joomla for such needs.
You must create a two Apache configuration for this site. One for port 80 (http), and the other for 443 (https). In the settings menu in the admin panel to specify "ssl enabled" to the desired value.
There's a Joomla Plugin called SSL Redirect plugin by Yireo software that might simplify the setup if some parts of the site are SSL and some not.
http://joomlawebhosting.ca/joomla-15-tips/63-joomla-ssl-https-setup.html
http://www.joomlahackers.net/joomla-tutorials/how-to-setup-ssl-in-a-joomla-site.html
http://www.joomlahackers.net/virtuemart-tutorials/how-to-setup-ssl-in-virtuemart-in-a-joomla-site.html