Page 1 of 1

Force SSL admin

Posted: Thu Sep 22, 2005 10:51 am
by lw-d
I have sucessfully edited the .htaccess file in the administrator folder to force the user into secure mode when entering the admininistrator section of the site, the script works well when I enter:

http://www.mydomainname.com/cms/administrator/

but not when I leave the end trailing slash, i.e.

http://www.imsconsulting.info/_cms/administrator

Here is the redirect the goes through with the above link:

https://www.mydomainname.com/cms/admini ... inistrator

....which is a blank page.

It is only a small problem, i.e. just a case of telling the client to add the trailing slash but it would be nice to try and fix it.

Here is the code I used on the .htaccess file in the administrator folder:



order allow,deny
deny from all


RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /
RewriteRule ^/$ /index.php
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*) https://www.mydomainname.com/cms/administrator/$1 [R=301,L]

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{ HTTP_USER_AGENT} ^ DI I bot [OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
RewriteRule ^.* - [F]
RewriteCond %{HTTP_REFERER} ^http://www.iaea.org$
RewriteRule !^http://[^/.]\.mydomainname.com.* - [F]


Hope someone can help. :) :) :) :)

Re: Force SSL admin

Posted: Thu Sep 22, 2005 10:52 am
by lw-d
BTW. Those are just made up domain names, which I'm sure you figured ;)

Re: Force SSL admin

Posted: Sat Oct 01, 2005 6:21 pm
by lw-d
**bump**