I'm having some issues using https with symphony.

After some difficulties, I've got the frontend of the site working - had some issues as my hosting was behind a load balancer and secondly that all my links needed trailing slashes or were 301ing when jquery was trying to get links.

My htaccess file looks like this currently:

   ### Symphony 2.2.x ###
Options +FollowSymlinks -Indexes

<IfModule mod_rewrite.c>

RewriteEngine on
RewriteBase /

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$$1 [R=301,L]

### SECURITY - Protect crucial files
RewriteRule ^manifest/(.*)$ - [F]
RewriteRule ^workspace/utilities/(.*).xsl$ - [F]
RewriteRule ^workspace/pages/(.*).xsl$ - [F]
RewriteRule ^(.*).sql$ - [F]

RewriteCond %{REQUEST_FILENAME} favicon.ico [NC]
RewriteRule .* - [S=14]

RewriteRule ^image/(.+.(jpg|gif|jpeg|png|bmp))$ extensions/jit_image_manipulation/lib/image.php?param=$1 [L,NC]

### CHECK FOR TRAILING SLASH - Will ignore files
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [L,R=301]

### URL Correction
RewriteRule ^(symphony/)?index.php(/.*/?) $1$2 [NC]

RewriteRule ^symphony/?$ index.php?mode=administration&%{QUERY_STRING} [NC,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^symphony(/(.*/?))?$ index.php?symphony-page=$1&mode=administration&%{QUERY_STRING}   [NC,L]

### FRONTEND REWRITE - Will ignore files and folders
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*/?)$ index.php?symphony-page=/$1&%{QUERY_STRING}   [L]

However with this, I'm unable to submit any forms in the symphony backend - they don't register as submitted after clicking submit (as if the event didn't trigger like with a frontend form)

Also one other thing I've noticed is that symphony doesn't seem to be noticing the HTTPS at all - all the javascript and images are being included via http which is giving me lots of 'insecure' content errors.

Anyone have any ideas?

Cheers Guys

Turns out that due to the load balancer and how the hosting was setup, $_SERVER['HTTPS'] wasn't being set (

To solve this I had to modify 'defines.php' to add the following logic:

 //work out if HTTPS
     $httpsDefined = getenv('HTTPS');
        $httpsDefined = ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); 

    define_safe('HTTPS', $httpsDefined);

Should this be classified as a symphony bug?

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details