Advertisement
Force SSL Administrator Only - Can't Login
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 12
- Joined: Thu Nov 06, 2008 5:16 pm
Force SSL Administrator Only - Can't Login
I have got a SSL certificate installed on my Joomla site, but when I choose the option in the global configuration 'Force SSL Administrator Only', I then can't login to the backend, it just loops. I am running 1.5.15, is there a fix for this?
Advertisement
-
- Joomla! Apprentice
- Posts: 6
- Joined: Thu Nov 05, 2009 12:20 am
Re: Force SSL Administrator Only - Can't Login
Hi i have the same problem. I created a free SSL cert in my hosts cpanel and set force ssl admin in the joomla configuration. When i try to open with chrom it just tries to open forever (but doesnt succeed) and IE 8 just shows The webpage cannot be found. How do i get it to work?
@TIMMY: if you cant access backend just edit var $force_ssl = '1'; to 0 in configuration.php
@TIMMY: if you cant access backend just edit var $force_ssl = '1'; to 0 in configuration.php
- fw116
- Joomla! Ace
- Posts: 1374
- Joined: Tue Sep 06, 2005 11:18 am
- Location: Germany
Re: Force SSL Administrator Only - Can't Login
how about :
https://www.yourtsite.com/administrator ?
you dont have to force anything...
just https instead of http...
https://www.yourtsite.com/administrator ?
you dont have to force anything...
just https instead of http...
-
- Joomla! Apprentice
- Posts: 12
- Joined: Thu Nov 06, 2008 5:16 pm
Re: Force SSL Administrator Only - Can't Login
Thanks for the reply, the login loop happens when using https.
-
- Joomla! Apprentice
- Posts: 6
- Joined: Thu Nov 05, 2009 12:20 am
Re: Force SSL Administrator Only - Can't Login
it doesnt matter. this happens if we use https (forced or not)fw116 wrote:how about :
https://www.yourtsite.com/administrator ?
you dont have to force anything...
just https instead of http...
-
- Joomla! Apprentice
- Posts: 44
- Joined: Mon Nov 09, 2009 9:46 am
Re: Force SSL Administrator Only - Can't Login
I think I just had the same (or at least a similar) problem but managed to fix it!
Details of my problem and what I did to fix it are here:
http://forum.joomla.org/viewtopic.php?f=433&t=458713
Hope it helps
Details of my problem and what I did to fix it are here:
http://forum.joomla.org/viewtopic.php?f=433&t=458713
Hope it helps
- Alextampa
- Joomla! Guru
- Posts: 557
- Joined: Fri Jan 09, 2009 3:16 pm
- Location: Tampa
Re: Force SSL Administrator Only - Can't Login
its because you dont have www or non www consistant more than likely
-
- Joomla! Apprentice
- Posts: 6
- Joined: Thu Nov 05, 2009 12:20 am
Re: Force SSL Administrator Only - Can't Login
its not that.. its a server side problem... thanks for the input guys
-
- Joomla! Apprentice
- Posts: 6
- Joined: Sat Feb 06, 2010 5:34 am
Re: Force SSL Administrator Only - Can't Login
anyone figure this out? I'm having the same problem. It's driving me nuts.
-
- Joomla! Apprentice
- Posts: 6
- Joined: Sat Feb 06, 2010 5:34 am
Re: Force SSL Administrator Only - Can't Login
Figured it out...at least for me. Make sure your - var $live_site = 'https://www.yourdomain.com'; has the https in it.
Loop is gone...
Loop is gone...
-
- Joomla! Apprentice
- Posts: 10
- Joined: Sun Jan 24, 2010 4:13 am
Re: Force SSL Administrator Only - Can't Login
I changed $var livesite in the configuration.php file from http to https - I can now login to the backend of my site, but now the whole site is forced to use https, which I don't want.
I only need administrators and users who are logged in to use a secure URL.
This problem occurred after installing Joomla 1.5.17.
Is there an issue with the Force URL in Global Configuration? Are there any ideas for this? I can't seem to get a solid answer about secure and non-secure URL redirection with the latest version of Joomla.
Thanks.
I only need administrators and users who are logged in to use a secure URL.
This problem occurred after installing Joomla 1.5.17.
Is there an issue with the Force URL in Global Configuration? Are there any ideas for this? I can't seem to get a solid answer about secure and non-secure URL redirection with the latest version of Joomla.
Thanks.
-
- Joomla! Intern
- Posts: 60
- Joined: Mon Mar 10, 2008 6:52 pm
Re: Force SSL Administrator Only - Can't Login
I have this problem, too, on a site using ver 1.5.20.
Had to turn off the forced admin SSL to login again.
If there are any fixes for this, they would be appreciated by many.
Had to turn off the forced admin SSL to login again.
If there are any fixes for this, they would be appreciated by many.
-
- Joomla! Apprentice
- Posts: 10
- Joined: Sun Jan 24, 2010 4:13 am
Re: Force SSL Administrator Only - Can't Login
wirecreative wrote:I have this problem, too, on a site using ver 1.5.20.
Had to turn off the forced admin SSL to login again.
If there are any fixes for this, they would be appreciated by many.
I've since upgraded to 1.5.20 and yep... still the same problem.
There's also now an issue with the contact form in Joomla, where a user can submit their details/messages and I receive their information in my inbox fine, but the user receives no confirmation page to let them know that their message has been sent. The contact form just tends to loop. I think this might have something to do with the SSL connection as well.
Lets hope there's a nice big brain out there who can lend us a hand!
- CorePressure
- Joomla! Enthusiast
- Posts: 246
- Joined: Thu Dec 03, 2009 6:34 pm
- Location: Bucharest
- Contact:
Re: Force SSL Administrator Only - Can't Login
Just leave the live_site thing empty...
Core Pressure - Joomla! Tutorials + Videos
http://www.corepressure.com
Follow CorePressure.com Updates via Twitter @:
http://www.twitter.com/CorePressure
http://www.corepressure.com
Follow CorePressure.com Updates via Twitter @:
http://www.twitter.com/CorePressure
-
- Joomla! Intern
- Posts: 60
- Joined: Mon Mar 10, 2008 6:52 pm
Re: Force SSL Administrator Only - Can't Login
The SEF component I use, sh404sef, requires a value in that variable, so that's not an option.CorePressure wrote:Just leave the live_site thing empty...
-
- Joomla! Apprentice
- Posts: 10
- Joined: Sun Jan 24, 2010 4:13 am
Re: Force SSL Administrator Only - Can't Login
Yeah I don't think it's a good idea to remove that.wirecreative wrote:The SEF component I use, sh404sef, requires a value in that variable, so that's not an option.CorePressure wrote:Just leave the live_site thing empty...
-
- Joomla! Apprentice
- Posts: 5
- Joined: Mon May 24, 2010 5:54 pm
Re: Force SSL Administrator Only - Can't Login
I'm experiencing this as well. As far as I can tell, unless I'm willing to make the whole site force SSL the best I can get for having the admin side use SSL is manually using it when logging in... it then redirects back to the the non-SSL URL, which seems to cause a loop when admin SSL-forcing is enabled.
However, looking at the docs it should be fine - in most cases - to set live_site to the empty string. I'm going to try this. Someone should be looking at fixing this even when live_site is set, though
However, looking at the docs it should be fine - in most cases - to set live_site to the empty string. I'm going to try this. Someone should be looking at fixing this even when live_site is set, though
-
- Joomla! Apprentice
- Posts: 19
- Joined: Fri Dec 08, 2006 3:26 pm
Re: Force SSL Administrator Only - Can't Login
if even force ssl but in live_site you change for https://livesite.com it works.
the problem is that with sh404sef activated if the user types http://livesite.com the page goes 404!
trying to figure it out.
the problem is that with sh404sef activated if the user types http://livesite.com the page goes 404!
trying to figure it out.
-
- Joomla! Apprentice
- Posts: 5
- Joined: Mon May 24, 2010 5:54 pm
Re: Force SSL Administrator Only - Can't Login
The conclusion I eventually reached was that, if live_site is set, all links and redirects will use that as the base. Thus, if forcing of SSL is admin only, and you set live_site to none-SSL, it'll keep breaking. If force SSL is admin only, and you set live_site to SSL, links and redirects on the frontend will also be to SSL. This is not a good thing if you're using an internal CA or a self-signed cert.
If you do not set live_site, it will apparently work fine in most cases. It's working great for me right now.
If you do not set live_site, it will apparently work fine in most cases. It's working great for me right now.
-
- Joomla! Intern
- Posts: 51
- Joined: Tue Jan 26, 2010 10:37 pm
Re: Force SSL Administrator Only - Can't Login
Is there any update on this bug? I am also using SH404SEF and I have to have something in live_site.
- mandville
- Joomla! Master
- Posts: 15157
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Force SSL Administrator Only - Can't Login
have you asked sh404 to fix their "bug" ?jabbott777 wrote:Is there any update on this bug? I am also using SH404SEF and I have to have something in live_site.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.puttersminigolf.co.uk/
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.puttersminigolf.co.uk/
-
- Joomla! Intern
- Posts: 51
- Joined: Tue Jan 26, 2010 10:37 pm
Re: Force SSL Administrator Only - Can't Login
Riiiiight. Thanks for your help man, it was invaluable, really. But in the meantime I have discovered if you core hack libraries/joomla/environment/uri.php
Code: Select all
if(JPATH_BASE == JPATH_ADMINISTRATOR)
{
$force_ssl = $config->getValue('config.force_ssl');
if($force_ssl > 0)
{
$base['prefix'] = ereg_replace("http://","https://",$base['prefix']);
}
$base['path'] .= '/administrator';
}
- leolam
- Joomla! Master
- Posts: 20658
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Force SSL Administrator Only - Can't Login
You can use your .htaccess file for this without having to change code.
Force HTTPS for certain pages:
foobar is example ....replace by real links...same for domain.com which should be your real domain name...in other words you need to change this line and copy for those pages needed:
In case you wish to force HTTPS for a particular folder you can use:
Rewrite to SSL or NON-SSL using relative URL:
Hope this helps
Leo
Force HTTPS for certain pages:
Code: Select all
########## Begin - Force HTTPS for certain pages
# Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says.
RewriteCond %{HTTPS} ^off$ [NC]
RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R=301]
########## End - Force HTTPS for certain pages
Code: Select all
RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R=301]
Code: Select all
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
Code: Select all
RewriteRule ^/(.*):SSL$ https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- Joomla! Fledgling
- Posts: 3
- Joined: Sat Sep 11, 2010 2:32 am
Re: Force SSL Administrator Only - Can't Login
I like the idea of the .htaccess solution but the file change for administrator folder to stay ssl and not keep looping back to login...did not work. Not for me anyway. I must need to change other stuff in that file..and I don't like the idea without knowing what the heck I am breaking
-
- Joomla! Fledgling
- Posts: 1
- Joined: Mon May 16, 2011 9:48 am
Re: Force SSL Administrator Only - Can't Login
Hi everyone,
As many other people, I checked "Force SSL" in my backend. So, I could no more have access to backend.
However it was post Nov 2009, For me "cloaked0" tip worked fine on Joomla 1.5.23:
"if you cant access backend just edit var $force_ssl = '1'; to 0 in configuration.php"
I did it and could again have access to my backend.
Thx to cloaked0 for the help!
As many other people, I checked "Force SSL" in my backend. So, I could no more have access to backend.
However it was post Nov 2009, For me "cloaked0" tip worked fine on Joomla 1.5.23:
"if you cant access backend just edit var $force_ssl = '1'; to 0 in configuration.php"
I did it and could again have access to my backend.
Thx to cloaked0 for the help!
-
- Joomla! Enthusiast
- Posts: 248
- Joined: Tue Nov 14, 2006 3:29 am
- Contact:
Re: Force SSL Administrator Only - Can't Login
I suddenly got this problem on my site for no reason I can see. Its weird.
I've been using SSL admin for a long time, now it wont work.
I've been using SSL admin for a long time, now it wont work.
-
- Joomla! Apprentice
- Posts: 14
- Joined: Thu Jun 16, 2011 2:42 am
Re: Force SSL Administrator Only - Can't Login
Has anyone found a solution for this?
I have to have $live_site set to "http..." because after the user completes vm orders I need the site to return to http when users clicks home.
I would like the back end to be secured but I am dealing with the login loop issue...any fixes for this?
I have to have $live_site set to "http..." because after the user completes vm orders I need the site to return to http when users clicks home.
I would like the back end to be secured but I am dealing with the login loop issue...any fixes for this?
-
- Joomla! Enthusiast
- Posts: 248
- Joined: Tue Nov 14, 2006 3:29 am
- Contact:
Re: Force SSL Administrator Only - Can't Login
nope, I didn't find a fix. I was hosting on Dreamhost and I asked them but they didn't understand the problem.
-
- Joomla! Apprentice
- Posts: 14
- Joined: Thu Jun 16, 2011 2:42 am
Re: Force SSL Administrator Only - Can't Login
I think the problem comes from having the $live_site variable set to an http:// and is trying to force the administrator back to http after the force SSL option is forcing it to SSL but I don't know enough about joomla development to see if this is what's going on and how to fix it.
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Force SSL Administrator Only - Can't Login
Please refrain from dredging up topics that are a year or more old. If you have an similar issue then please make a new fresh post about the issue. Joomla has had several changes and web server software has also changed. This may make an old topic irrelevant or may make a solution different for a newer version.
The ""if you cant access backend just edit var $force_ssl = '1'; to 0 in configuration.php"" is the standard way to fix the issue if you are locked out by turning ssl on when you do not have the proper certificate setup.
One caveat is if Joomla has set your configuration.php file to 444, your ftp upload of the file (download of file will work fine) after the fix will fail as the file on the server is read only and can not be overwritten by the file you are trying to upload. If your not paying attention, You may not notice the failure, and wonder then why the solution did not work. The fix for that is to first change the permission of the file to 644 then download the file, fix it, then upload the file back, and then change permissions back to 444 on the file.
The ""if you cant access backend just edit var $force_ssl = '1'; to 0 in configuration.php"" is the standard way to fix the issue if you are locked out by turning ssl on when you do not have the proper certificate setup.
One caveat is if Joomla has set your configuration.php file to 444, your ftp upload of the file (download of file will work fine) after the fix will fail as the file on the server is read only and can not be overwritten by the file you are trying to upload. If your not paying attention, You may not notice the failure, and wonder then why the solution did not work. The fix for that is to first change the permission of the file to 644 then download the file, fix it, then upload the file back, and then change permissions back to 444 on the file.
PhilD
Advertisement