Jump to content

IP.Board 3 HTTPS Admin Area


Firewater

Recommended Posts

  • 2 weeks later...

Modify the following file to something like this:
/admin/sources/classes/output/adminOutput.php - Line 132 ...


 		/* Update paths and such */

		$this->settings['base_url']		= $this->settings['_original_base_url'];

		$this->settings['public_url'] = $this->settings['_original_base_url'] . '/index.php?';

		$this->settings['_original_base_url'] = str_replace( 'http://', 'https://', $this->settings['_original_base_url'] );

		$this->settings['public_url'] = str_replace( 'http://', 'https://', $this->settings['public_url'] );

		$this->settings['base_url'] = str_replace( 'http://', 'https://', $this->settings['base_url'] );

		$this->settings['public_dir'] = str_replace( 'http://', 'https://', $this->settings['public_dir'] );

Also add this to the .htaccess to force SSL in the admin directory:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://forums.domain.com%{REQUEST_URI}



This will make the admin section work almost completely via SSL. Only some images and javascript files aren't loading via SSL which isn't that important.
Please note that you first need to have a safe working and installed SSL certificate at your server before this works.

I hope this get implemented at a more fancy way in IPB3 as standard option.

Link to comment
Share on other sites

  • 4 weeks later...
  • 5 months later...

Hi,



Security suggestion to have the admin area and logon to run under HTTPS/SSL if enabled in say the inidata.php.



what does everyone think?




Ignoring the login area as that is already an option...
Yes, it would be nice to be able to have the admin area ALL served via SSL with a built in option (without having to edit code). It's possible to get some of it right now with some code edits, but it doesn't serve everything via SSL - there are still many page elements that end up being served over http which causes a "not all elements on this page are secure" warning.

Particularly with the upcoming integration of Nexus, it would make sense for the admin area to be served secure.
Link to comment
Share on other sites

  • 3 months later...


Also add this to the .htaccess to force SSL in the admin directory:


RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://forums.domain.com%{REQUEST_URI}

A more flexible version of this rule:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}



It might not work always, but for most cases it will work well.

Link to comment
Share on other sites

  • 9 months later...

Modify the following file to something like this:


/admin/sources/classes/output/adminOutput.php - Line 132 ...



		/* Update paths and such */

		$this->settings['base_url']		= $this->settings['_original_base_url'];

		$this->settings['public_url'] = $this->settings['_original_base_url'] . '/index.php?';

		$this->settings['_original_base_url'] = str_replace( 'http://', 'https://', $this->settings['_original_base_url'] );

		$this->settings['public_url'] = str_replace( 'http://', 'https://', $this->settings['public_url'] );

		$this->settings['base_url'] = str_replace( 'http://', 'https://', $this->settings['base_url'] );

		$this->settings['public_dir'] = str_replace( 'http://', 'https://', $this->settings['public_dir'] );

Also add this to the .htaccess to force SSL in the admin directory:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://forums.domain.com%{REQUEST_URI}



This will make the admin section work almost completely via SSL. Only some images and javascript files aren't loading via SSL which isn't that important.
Please note that you first need to have a safe working and installed SSL certificate at your server before this works.

I hope this get implemented at a more fancy way in IPB3 as standard option.



Thank you very much for this piece of code Joriz.
Link to comment
Share on other sites

  • 7 months later...

Modify the following file to something like this:


/admin/sources/classes/output/adminOutput.php - Line 132 ...



		/* Update paths and such */

		$this->settings['base_url']		= $this->settings['_original_base_url'];

		$this->settings['public_url'] = $this->settings['_original_base_url'] . '/index.php?';

		$this->settings['_original_base_url'] = str_replace( 'http://', 'https://', $this->settings['_original_base_url'] );

		$this->settings['public_url'] = str_replace( 'http://', 'https://', $this->settings['public_url'] );

		$this->settings['base_url'] = str_replace( 'http://', 'https://', $this->settings['base_url'] );

		$this->settings['public_dir'] = str_replace( 'http://', 'https://', $this->settings['public_dir'] );

Also add this to the .htaccess to force SSL in the admin directory:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://forums.domain.com%{REQUEST_URI}



This will make the admin section work almost completely via SSL. Only some images and javascript files aren't loading via SSL which isn't that important.
Please note that you first need to have a safe working and installed SSL certificate at your server before this works.

I hope this get implemented at a more fancy way in IPB3 as standard option.



Is there an update for this nice code, please ?
Link to comment
Share on other sites

  • 1 month later...
  • 6 months later...

Im going to wake up this old thread.

This could still be a usefull feature.

The issue now, is that the admin portion of the board uses features from the regular forum section. So forcing SSL using htaccess will make some browser not display the unsecured content, ie css, javascripts and such, so the admin CP will be a bit messed up.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...