DokuWiki

It's better when it's simple

User Tools

Site Tools


tips:httpslogin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tips:httpslogin [2017-10-15 16:46]
212.9.99.131 old revision restored (2017-04-04 15:03)
tips:httpslogin [2018-09-29 11:31] (current)
bruno.genere [Apache] added example of a simple rule for https for all pages
Line 5: Line 5:
 See https://​www.dokuwiki.org/​plugin:​forcessllogin,​ doesn'​t seem to reflect SSL access in URL, i.e. dokuwiki'​s access denied page won't be opened via https protocol which makes debugging and assuring that you're securely logging in difficult. See https://​www.dokuwiki.org/​plugin:​forcessllogin,​ doesn'​t seem to reflect SSL access in URL, i.e. dokuwiki'​s access denied page won't be opened via https protocol which makes debugging and assuring that you're securely logging in difficult.
 =====Apache===== =====Apache=====
-Using Apache'​s mod_rewrite,​ DokuWiki logins can be forced to use HTTPS, thus preventing clear text passwords on the wire.+Using Apache'​s mod_rewrite,​ DokuWiki logins can be forced to use HTTPS, thus preventing clear text passwords on the wire. 
  
-You may want to read up on [[:rewrite|general ​rewriting]] first.+You may also need that all requests (and not only login) use HTTPS. To do so, create an .htaccess file in the root directory of DokuWiki and insert the following code. 
 +<code apache .htaccess>​ 
 +RewriteCond %{HTTPS} !on 
 +RewriteRule (.*) https://​%{HTTP_HOST}/​$1 [R,L] 
 +</​code>​  
 + 
 +If you only want to force some specific URL, read up [[:rewrite|URL rewriting]] first.
  
 Redirection to a secured connection which is restricted to a certain set of pages (e.g. login pages) requires their recognition based on the URL. Some pages (e.g. "​access denied"​ pages which might be included only in newer versions, e.g. 2014-05-05 "​Ponder Stibbons"​ <​ref>​https://​www.dokuwiki.org/​plugin:​ondeniedlogin</​ref>​) don't include such a mark and cannot be distungished from the rest of URLs (which one might want to be accessed without a secure connection in order to save server resources). Redirection to a secured connection which is restricted to a certain set of pages (e.g. login pages) requires their recognition based on the URL. Some pages (e.g. "​access denied"​ pages which might be included only in newer versions, e.g. 2014-05-05 "​Ponder Stibbons"​ <​ref>​https://​www.dokuwiki.org/​plugin:​ondeniedlogin</​ref>​) don't include such a mark and cannot be distungished from the rest of URLs (which one might want to be accessed without a secure connection in order to save server resources).
tips/httpslogin.txt · Last modified: 2018-09-29 11:31 by bruno.genere