Differences

This shows you the differences between two versions of the page.

--- tips:httpslogin [2016-03-16 12:38] – [php Based HTTPS] 62.243.244.158
+++ tips:httpslogin [2018-09-29 11:31] (current) – [Apache] added example of a simple rule for https for all pages bruno.genere
@@ Line 5: / Line 5: @@
 See https://www.dokuwiki.org/plugin:forcessllogin, doesn't seem to reflect SSL access in URL, i.e. dokuwiki's access denied page won't be opened via https protocol which makes debugging and assuring that you're securely logging in difficult.
 =====Apache=====
 Using Apache's mod_rewrite, DokuWiki logins can be forced to use HTTPS, thus preventing clear text passwords on the wire.
-You may want to read up on [[:rewrite|general rewriting]] first.
+You may also need that all requests (and not only login) use HTTPS. To do so, create an .htaccess file in the root directory of DokuWiki and insert the following code.
+<code apache .htaccess>
+RewriteCond %{HTTPS} !on
+RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
+</code>
+If you only want to force some specific URL, read up [[:rewrite|URL rewriting]] first.
 Redirection to a secured connection which is restricted to a certain set of pages (e.g. login pages) requires their recognition based on the URL. Some pages (e.g. "access denied" pages which might be included only in newer versions, e.g. 2014-05-05 "Ponder Stibbons" <ref>https://www.dokuwiki.org/plugin:ondeniedlogin</ref>) don't include such a mark and cannot be distungished from the rest of URLs (which one might want to be accessed without a secure connection in order to save server resources).