How to force http (not https) for logged users ?

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
villala
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Jun 08, 2017 11:45 am

How to force http (not https) for logged users ?

Post by villala » Thu Jun 08, 2017 12:20 pm

Currently after login the site will go to the https which generates the " SEC_ERROR_EXPIRED_CERTIFICATE" error because I do not have any certifications installed and available.

This problem occurs only in Firefox (newest version) BUT for example the Internet Explorer and Opera browsers are working correctly !

So this is why I would like to disable the SSL completely. How to do it ?

My current administration settings are as follows:
* In server information the "Force SSL = none"
* In configuration file the "force SSL = 0"

Joomla version as follows:
* Joomla! 2.5.20 Stable [ Ember ] 30-April-2014 14:00 GMT
* Joomla Platform 11.4.0 Stable [ Brian Kernighan ] 03-Jan-2012 00:00 GMT

Site location: http://www.villala.net

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 21958
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Re: How to force http (not https) for logged users ?

Post by pe7er » Thu Jun 08, 2017 1:12 pm

in configuration.php it should say:

Code: Select all

$force_ssl = '0';
Could you empty your browser cache?

Note: 2.5.20 = very outdated.
Make sure you update to the latest version in 2.5 which is 2.5.28 + install the 2.5.28 security fix.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-founder of data2.eu GDPR Tool https://data2.eu/en/gdpr-tool

villala
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Jun 08, 2017 11:45 am

Re: How to force http (not https) for logged users ?

Post by villala » Thu Jun 08, 2017 3:44 pm

pe7er wrote:in configuration.php it should say:

Code: Select all

$force_ssl = '0';
Could you empty your browser cache?

Note: 2.5.20 = very outdated.
Make sure you update to the latest version in 2.5 which is 2.5.28 + install the 2.5.28 security fix.
The code is:

Code: Select all

public $force_ssl = '0';
I updated to 2.5.28 and Firefox cache is now cleared. But the problem still exists :(

New ideas ?

User avatar
websitedons
I've been banned!
Posts: 389
Joined: Sat May 27, 2017 9:42 am

Re: How to force http (not https) for logged users ?

Post by websitedons » Thu Jun 08, 2017 5:27 pm

The problem is more likely with FireFox See http://www.solvusoft.com/en/errors/runt ... d-on-date/
Causes of Error sec_error_expired_certificate

Corrupt download or incomplete installation of Firefox software.
Corruption in Windows registry from a recent Firefox-related software change (install or uninstall).
Virus or malware infection that has corrupted Windows system files or Firefox-related program files.
Another program maliciously or mistakenly deleted Firefox-related files.

Runtime Errors such as “Error sec_error_expired_certificate” can be caused by a variety of factors, so it is important that you troubleshoot each of the possible causes to prevent it from recurring.

villala
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Jun 08, 2017 11:45 am

Re: How to force http (not https) for logged users ?

Post by villala » Thu Jun 08, 2017 5:41 pm

Yes. The problem is in one of my computers only. Others are working properly.

Next I have to solve out what is the problem with this computer.

Thank you !

EDIT:
The problem is now solved. One of the extensions in Firefox was the problem. I deleted it and now everything works as expected.


Post Reply

Return to “Security in Joomla! 2.5”