I was enabling "Encrypt Login Form" for my joomla website but after user logging in, it always forwarded to https:// url. Is there any easy way to force forwarded url to use http:// ? So the ssl will be used for login or registration purpose only?
Thanks
Related
How do I redirect if a user tries to direct access image files from browser only?
How to redirect from
https://img.example.com/c/600x1200_90_webp/img-master/img/2022/01/03/08/04/54/95259215_p0_master1200.jpg
to
https://example.com/detail?id=95259215
Is there anyway to do this with cloudflare? I can do this with nginx but if I have cloudflare enabled then the redirect won't work
When I want to switch my SVN users and the server to use encrypted HTTPS protocol instead of plain HTTP, the users will also need to relocate their working copies to new https:// URLs or checkout new working copies using the new URLs. URL adjustments in scripts may also be required.
I want to make the transition from HTTP to HTTPS painless and transparent for the end users. Is it possible to implement automatic HTTP to HTTPS redirection with SVN and Apache? How?
Starting from VisualSVN Server 3.6, you can enable HTTP to HTTPS redirection via server settings. There is an option on the Network tab: Automatically redirect HTTP to HTTPS (listen on port 80). Learn more at https://www.visualsvn.com/support/topic/00144/.
I am using cloudflare's "flexible ssl" as an intermediary between client and my site.
After setting this up, I went to the browser and tried accessing my site via https:
https://example.com/login
and everything works. I fill in my login info and log in successfully and am not on http://example.com . I manually enter https://example.com/* where * is many other pages and it all works fine.
Now I want to redirect all requests to use the seemingly working https. So i go to my cloudflare account on their website and create a page rule : http://example.com/* to always use https.
Now I go to example.com/login and successfully redirected to https://example.com/login, I fill in my log in information and submit the login form , the page refreshes and I am back to https://example.com/login with an empty login form.
Anyone know what the problem is or how to help troubleshoot?
I am using laravel as a framework for the site and apache as the webserver.
create a page rule : http://example.com/* to always use https
Noted. Be aware that CloudFlare does this by accepting every HTTP request on http://example.com/* and returning a 301 redirect to the equivalent HTTPS request. The browser completes the redirect by sending a GET request to the HTTPS URL.
I fill in my log in information and submit the login form
Check the login form source carefully and check what URL the login form is submitted to. My guess is that the form is submitted to http://example.com/login or something similar. CloudFlare will accept the POST request to http://example.com/login and return a 301 redirect to https://example.com/login -- which your browser will complete as a GET request and hence not sending the login data.
So your best solution is to make sure that your login form POSTs to the correct HTTPS URL not to the HTTP URL.
That's my best guess anyway.
how to help troubleshoot?
Ensure that you are using different log files to distinguish between HTTP and HTTPS requests on your server.
Some other suggestions:
Get a Let's Encrypt SSL certificate and put that on your site so that the communication between CloudFlare and your site is all SSL. https://letsencrypt.org/
Ensure that HSTS is turned on for all of your HTTPS requests so that the browser will know not to send any requests to any HTTP URLs.
Create a development server where you can test all of this working with HTTPS between the browser and the web server without CloudFlare. Once you've got it all working in HTTPS mode without CloudFlare then you can try it with CloudFlare and you should get essentially the same results. Your problem is with the HTTP -> HTTPS switch, not specifically with CloudFlare.
I have a short url say http://su.in/fixed_pattern
On clicking above url, one can redirect to http://longdomain.com/longurl?variablename=variablevalue
Both domains su.in and longdomain.com are known and trusted servers. Is there any security risk, if I send short url on sms? Do I need to get given short/long url ssl enabled?
I've set up an SSL site on server 2012 using CCS and SNI. When attempting to navigate to it over a non-SSL link (http), the site throws a 404 error.
How can I get it to show the "This site requires SSL" message?
You need to add HTTP to your bindings in IIS.
Instead of showing "This site requires SSL" you should redirect your user to the equivalent SSL page (e.g. http://twitter.com/about would redirect to https://twitter.com/about).
It is bad for both end-users and SEO to display a message with a message asking the user to change the URL. If you look at different websites on the Web you can notice that this is automatic and doesn't require any action from the user.