Achievement In Motion Posted April 25, 2015 Share Posted April 25, 2015 How do I force all users to access my site VIA SSL. Im aware of the htaccess trick, but is there a feature integrated through ipb? If not there should be Link to comment Share on other sites More sharing options...
不中用 Posted April 25, 2015 Share Posted April 25, 2015 . System > Login Handlers .. my site is totally https so your setting can be little bit different, the slider should work .. Mind that your SSL config on the server is all set. . Link to comment Share on other sites More sharing options...
Achievement In Motion Posted April 25, 2015 Author Share Posted April 25, 2015 Im well aware of that, but what I'm wanting is it to be fully ssl, not just for logins. For example if you go to my main domain it automatically switches you to https due to the .htaccess config, so that any folder accessed it will automatically switch to https. However this doesn't work for sub domains unless you have a wild card, so i got a separate one because it would be cheaper, any who this still comes down to as if there is a way to do it through acp and have it use ssl on everything rather than just logins without using that one feature that only covers the login's. Huge thing for me especially is when people start using the commerce app. Link to comment Share on other sites More sharing options...
kysil Posted April 25, 2015 Share Posted April 25, 2015 .htaccess<IfModule mod_rewrite.c>Options +FollowSymlinksRewriteEngine onRewriteBase /RewriteCond %{SERVER_PORT} !^443$ RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]</IfModule> Link to comment Share on other sites More sharing options...
不中用 Posted April 25, 2015 Share Posted April 25, 2015 . In NGINX there is this & I guess something similar must be there for Apache .. add_header Strict-Transport-Security max-age=31536000; return 301 https://$host$request_uri; This is when it listens to port 80 (with the 301 redirect) .. if your browser reads this extra header it will lock itself only to HTTPS for your domain .. . Link to comment Share on other sites More sharing options...
Achievement In Motion Posted April 28, 2015 Author Share Posted April 28, 2015 .htaccess<IfModule mod_rewrite.c>Options +FollowSymlinksRewriteEngine onRewriteBase /RewriteCond %{SERVER_PORT} !^443$ RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]</IfModule>Im aware of this, and unfortunately if i use this, it gives a loop direct and doesn't load a thing when you use certain things like register.. In NGINX there is this & I guess something similar must be there for Apache .. add_header Strict-Transport-Security max-age=31536000; return 301 https://$host$request_uri; This is when it listens to port 80 (with the 301 redirect) .. if your browser reads this extra header it will lock itself only to HTTPS for your domain .. .Im not too sure what nginx is but my host uses apache. Is there no way to make commerce atleast force use ssl.. I want the whole board to be but if I use the .htaccess some things don't load because of a loop. Link to comment Share on other sites More sharing options...
不中用 Posted April 28, 2015 Share Posted April 28, 2015 .How are your friendly URL's look like all HTTP or HTTPS ? . Link to comment Share on other sites More sharing options...
Achievement In Motion Posted April 28, 2015 Author Share Posted April 28, 2015 I believe http because Iv not changed any Link to comment Share on other sites More sharing options...
不中用 Posted April 28, 2015 Share Posted April 28, 2015 I believe http because Iv not changed any.I configure my server with HTTPS from the beginning and making sure there is a forced redirect from HTTP to HTTPS .. before I even install IPS ..If all that works .. then I start to install IPS ..I don't believe there is any switch to do a global HTTPS or HTTP on the fly .. some pages it can only be forced like login and commerce checkout (and that's it)If you are up to it .. start clean with HTTPS (include Google SPDY) and build your IPS on top ..Otherwise I suggest you better send in a support ticket with "" I'm running HTTP and want to change to full HTTPS "" .. better do this then breaking your site .. . Link to comment Share on other sites More sharing options...
不中用 Posted April 29, 2015 Share Posted April 29, 2015 I believe http because Iv not changed any.Use this to change your URL to total HTTPS .. I guess it can be done .. not sure though .. but it is all about your URL anyway .. http://community.invisionpower.com/4docs/system-management/change-your-url-r96/ . Link to comment Share on other sites More sharing options...
Rhett Posted April 29, 2015 Share Posted April 29, 2015 If you are using 4.0, you don't need any fancy re-directs, it will pull the ulr as you have it in your config_global.php file. If you are using 3.4.x then yes you can use htaccess to force this if needed. Link to comment Share on other sites More sharing options...
Achievement In Motion Posted April 29, 2015 Author Share Posted April 29, 2015 If you are using 4.0, you don't need any fancy re-directs, it will pull the ulr as you have it in your config_global.php file. If you are using 3.4.x then yes you can use htaccess to force this if needed. So configuring the config global will automatically make my board fully ssl? But having doing that will it conflict if the ssl setting through the login acp section is turned on? Link to comment Share on other sites More sharing options...
不中用 Posted April 29, 2015 Share Posted April 29, 2015 So configuring the config global will automatically make my board fully ssl? But having doing that will it conflict if the ssl setting through the login acp section is turned on?.Yes it will become fully SSL and other settings in your ACP will be automatically set/locked .. . Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.