[horde] htaccess conflict
Frank Lienhard
frank at mclien.de
Wed Nov 16 14:19:00 UTC 2016
On 11/16/2016 01:43 PM, Vilius Sumskas/LNK wrote:
>> Hi
>> On 11/16/2016 02:15 AM, Vilius Sumskas/LNK wrote:
>>> Hi,
>>>
>>>> Maybe, I should rest for while, because I could not generate
>>>> reproducable results at the moment.
>>>>
>>>> SO I "think" it is like I firstly diagnosed it:
>>>> The sharede space is forced to use https (by that htacces file), but
>>>> horde is reachable both ways http and https.
>>>> But I'd like to get horde work with https only.
>>>>
>>>> On 11/15/2016 10:02 PM, Frank Lienhard wrote:
>>>>> Just double checked and found out, that in this constellation the
>>> login
>>>>> only works unencrypted but after the login you cab use an encrypted
>>>>> connection.
>>>>> Isn't that a rather bad way to do it? Shouldn't the login be
>>> encrypted?
>>>>>
>>>>>
>>>>> On 11/15/2016 08:26 PM, Frank Lienhard wrote:
>>>>>> I installed horde on an shared hosted platform.
>>>>>> So now I end up with 2 .htaccess files:
>>>>>> /var/www/virtual/<USERNAME>/html/.htaccess
>>>>>> /var/www/virtual/<USERNAME>/html/horde/.htaccess
>>>>>>
>>>>>> The first one ist processed by the provider to work and is
> configured
>>> to
>>>>>> force use of https.
>>>>>> Unfortunately the .htaccess of the horde path renders that useless.
>>>>>>
>>>>>> It still works encrypted, but only if you explicitly use https://
> in
>>> the
>>>>>> URL.
>>>>>>
>>>>>> Since the .htaccess notes not to edit it, I have no idea how to fix
>
>>> this.
>>>>>>
>>>>>> Here are the rules of the non-horde .htaccess file:
>>>>>>
>>>>>> RewriteEngine On
>>>>>> RewriteCond %{HTTPS} !=on
>>>>>> RewriteCond %{ENV:HTTPS} !=on
>>>>>> RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
>>>>>>
>>>>>> any hints are wellcome
>>>>>>
>>>>>> mclien
>>>>>>
>>>
>>> https://digitalenvelopes.email/blog/force-https-in-horde/
>>>
>> Thanks, that did it, only remaining question:
>> does this:
>> "someone at ahost config]$ head conf.php
>> <?php
>> /* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */"
>> mean, I have to take care of this every update/upgrad of horde?
>
> This comment means that you should not edit that file by hand, but use
> Horde's configuration interface instead.
>
> conf.php file is not touched during the upgrade. However keep in my, that
> if the new settings are added/changed/removed in the new version, it is
> still a good idea to look through all of them after every upgrade.
>
Took me a while to find that one:
General - URL settings - $conf[use_ssl]
which is set to "Assume that we are using SSL and always generate https
URLs."
So what exactly is the difference between using the Config Interface
vs.editing the config file
(to me the editing of the conf file is quicker and more what I'm used to.)
More information about the horde
mailing list