http -> https (vice versa) for certain files only

Fix it!!

So!

Post by humaneasy » Fri Feb 23, 2007 2:09 pm

To conclude this...

This rule below will appear first for activeCollab's sake:

Code:
RewriteCond %{HTTP_HOST} ^ac\. [NC]
RewriteRule ^(.*/)?files/(.*)$ - [L]


And this one below will appear afterwards for Wordpress's sake:

Code:
RewriteRule ^(.*/)?files/(.*)$ /wp-content/blogs.php?file=$2 [L]


Right?

Thanks.

8) Lopo

PS: What about the book?
PPS: Do you have a wish list somewhere?
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Post by richardk » Fri Feb 23, 2007 2:43 pm

This rule below will appear first for activeCollab's sake ... And this one below will appear afterwards for Wordpress's sake ... Right?

Yeah.

PS: What about the book?

What book?

PPS: Do you have a wish list somewhere?

Nope.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Seems to be working but...

Post by humaneasy » Fri Feb 23, 2007 7:56 pm

... there's always a but :)

This is a bit stupid. I'm starting to understand how this works but not quite yet :D

Although Wordpress has everything admin below /wp-admin/ (which we are now securing), the login and registering procedures files are on the web root (/) so those even more important communications are not encrypted at all. And this is a silly way of using SSL :-?

So I should also make the following files roll under HTTPS but I think I can't yet grasp the thing :cry:
  • wp-activate.php
  • wp-login.php
  • getablog.php (which is just a symlink to wp-signup.php)
  • wp-signup.php
  • wp-valid.php


If you can still help :)

The book... do you know of one *good* about mod_rewrite and the rest and that you could recommend?

Well! You don't have a wishlist so I thank you this way: THANK YOU!

Best,
8) Lopo
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Post by richardk » Sat Feb 24, 2007 11:21 am

Replace the three (two with a !, one without)
Code:
^wp-admin(/.*)?$

with
Code:
^((wp-activate|wp-login|getablog|wp-signup|wp-valid)\.php|wp-admin(/.*)?)$


The book... do you know of one *good* about mod_rewrite and the rest and that you could recommend?

Sorry, I don't know of any mod_rewrite books.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Odd enough!

Post by humaneasy » Mon Feb 26, 2007 5:59 pm

This is rather odd :)

If I go to, for instance, https://devstatus.healthblogs.org/wp-lo ... admin%252F

Why does it add such a strange query string?

It should be: https://devstatus.healthblogs.org/wp-lo ... p-admin%2F

Nevertheless, nothing happens even if I amend the URI.

On the other hand, if I go to https://healthblogs.org/wp-admin/ it redirects to the login like https://www.healthblogs.org/wp-login.ph ... min%25252F
and it should redirect to https://healthblogs.org/wp-login.php?re ... p-admin%2F

Nevertheless, in this case and after logging in it redirects to http://healthblogs.org/%252Fwp-admin%252F


At last, if I put https://healthblogs.org/wp-admin/ it always converts to https://www.healthblogs.org/wp-admin/ and it shouldn't. The opposite was the intended effect: removing the www. from every domain :)


Strange and bogus :(

Another issue is when I click
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Post by richardk » Tue Feb 27, 2007 9:47 am

It's a problem with URL encoding of the variables. You'll probably need to edit the wp-login.php file to urldecode() the variable before it uses it.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am
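
An added example, not part of the thread and not WordPress code: it reproduces the `%2F` → `%252F` → `%25252F` growth seen in the URLs above and shows a bounded decode of such a value. The function names, the five-layer cap and the site-local path check are assumptions of this example, and Python's `unquote()` stands in for PHP's `urldecode()`.

```python
from urllib.parse import quote, unquote

def reencode(path, hops):
    """Percent-encode `path` once per hop, as a redirect chain that
    re-encodes its own return-path parameter would."""
    value = path
    for _ in range(hops):
        value = quote(value, safe="")   # "/" -> %2F, "%" -> %25
    return value

def decode_layers(value, max_layers=5):
    """Decode until stable. Returns (decoded, layers_removed).
    The cap (an assumption of this example) stops unbounded decoding."""
    for layers in range(max_layers + 1):
        decoded = unquote(value)        # stand-in for PHP's urldecode()
        if decoded == value:
            return value, layers
        value = decoded
    raise ValueError("more than %d encoding layers" % max_layers)

def safe_local_target(value):
    """Return the decoded path only if it is site-local, else None.
    Validation runs after decoding, never before."""
    decoded, _ = decode_layers(value)
    if decoded.startswith("/") and not decoded.startswith("//"):
        return decoded
    return None

if __name__ == "__main__":
    # Constructed input: the /wp-admin/ path from the thread, re-encoded.
    for hops in (1, 2, 3):
        enc = reencode("/wp-admin/", hops)
        print(hops, enc, decode_layers(enc))
```

A single decode of `%25252F` yields `%252F`, so one `urldecode()` call only helps when exactly one extra layer was added.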

Post by humaneasy » Tue Feb 27, 2007 10:25 am

richardk wrote: It's a problem with URL encoding of the variables. You'll probably need to edit the wp-login.php file to urldecode() the variable before it uses it.


Ok! I'll try it. Thanks!
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Post by humaneasy » Tue Feb 27, 2007 11:33 am

I have an issue with the SSL certificate being attached to www.healthblogs.org and not to *.healthblogs.org

Must wait to see if ISP solves this issue first or the back and forward will never end even if we make as many rules as we want :( :x

I'll keep this issue open and will post here the conclusion for it.

8) Lopo
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm
