Search

Just trying: To imply for a secured connection to backend without having users need to remember to type https everytime they're entering backend (or do other stuff they can forget about or bypass), I slightly edited .htaccess's ### ADMIN REWRITE section from

### ADMIN REWRITE
RewriteRule ^symphony/?$ index.php?mode=administration&%{QUERY_STRING} [NC,L]

to following:

### ADMIN REWRITE
RewriteCond %{HTTP_HOST} ^local\. [NC]
RewriteRule ^symphony/?$ index.php?mode=administration&%{QUERY_STRING} [NC,L]

RewriteCond %{HTTP_HOST} !^local\. [NC]
RewriteRule ^symphony/?$ https://%{HTTP_HOST}/index.php?mode=administration&%{QUERY_STRING} [NC,L]

The RewriteConds takes care about my local dev environment to omit it on my localhost.

Why not to use https for the whole site then? It depends. One reason can be (my case) you have only a self-signed certificate provided by your hosting, which provides some encryption but you don't want to bug the general visitor with the non trusted warning stuff.

You might want to use a redirect rather than a rewrite. Right now you are not really encrypting the traffic between the server and the browser, but only between the server and the... server.

A set of flags like [NC, L, R=301] seems more appropriate.

Without spaces though, like

[R=301,L,NC]

as spaces cause a 500 error.

Thanks so much for your comments!

I will incorporate it and also update the example above. Have to finish some stuff first.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details