[horde] htaccess conflict
Michael J Rubinsky
mrubinsk at horde.org
Wed Nov 16 14:24:19 UTC 2016
Quoting Frank Lienhard <frank at mclien.de>:
> On 11/16/2016 01:43 PM, Vilius Sumskas/LNK wrote:
>>> Hi
>>> On 11/16/2016 02:15 AM, Vilius Sumskas/LNK wrote:
>>>> Hi,
>>>>
>>>>> Maybe, I should rest for while, because I could not generate
>>>>> reproducable results at the moment.
>>>>>
>>>>> SO I "think" it is like I firstly diagnosed it:
>>>>> The sharede space is forced to use https (by that htacces file), but
>>>>> horde is reachable both ways http and https.
>>>>> But I'd like to get horde work with https only.
>>>>>
>>>>> On 11/15/2016 10:02 PM, Frank Lienhard wrote:
>>>>>> Just double checked and found out, that in this constellation the
>>>> login
>>>>>> only works unencrypted but after the login you cab use an encrypted
>>>>>> connection.
>>>>>> Isn't that a rather bad way to do it? Shouldn't the login be
>>>> encrypted?
>>>>>>
>>>>>>
>>>>>> On 11/15/2016 08:26 PM, Frank Lienhard wrote:
>>>>>>> I installed horde on an shared hosted platform.
>>>>>>> So now I end up with 2 .htaccess files:
>>>>>>> /var/www/virtual/<USERNAME>/html/.htaccess
>>>>>>> /var/www/virtual/<USERNAME>/html/horde/.htaccess
>>>>>>>
>>>>>>> The first one ist processed by the provider to work and is
>> configured
>>>> to
>>>>>>> force use of https.
>>>>>>> Unfortunately the .htaccess of the horde path renders that useless.
>>>>>>>
>>>>>>> It still works encrypted, but only if you explicitly use https://
>> in
>>>> the
>>>>>>> URL.
>>>>>>>
>>>>>>> Since the .htaccess notes not to edit it, I have no idea how to fix
>>
>>>> this.
>>>>>>>
>>>>>>> Here are the rules of the non-horde .htaccess file:
>>>>>>>
>>>>>>> RewriteEngine On
>>>>>>> RewriteCond %{HTTPS} !=on
>>>>>>> RewriteCond %{ENV:HTTPS} !=on
>>>>>>> RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
>>>>>>>
>>>>>>> any hints are wellcome
>>>>>>>
>>>>>>> mclien
>>>>>>>
>>>>
>>>> https://digitalenvelopes.email/blog/force-https-in-horde/
>>>>
>>> Thanks, that did it, only remaining question:
>>> does this:
>>> "someone at ahost config]$ head conf.php
>>> <?php
>>> /* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */"
>>> mean, I have to take care of this every update/upgrad of horde?
>>
>> This comment means that you should not edit that file by hand, but use
>> Horde's configuration interface instead.
>>
>> conf.php file is not touched during the upgrade. However keep in my, that
>> if the new settings are added/changed/removed in the new version, it is
>> still a good idea to look through all of them after every upgrade.
>>
> Took me a while to find that one:
> General - URL settings - $conf[use_ssl]
>
> which is set to "Assume that we are using SSL and always generate https
> URLs."
>
> So what exactly is the difference between using the Config Interface
> vs.editing the config file
> (to me the editing of the conf file is quicker and more what I'm used to.)
It is very easy to enter something incorrect, incomplete, or otherwise
incorrect which could very well prevent Horde from working at all. The
web interface provides some safeguards, and automatically creates a
backup of the old config.
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2007 bytes
Desc: S/MIME Signature
URL: <https://lists.horde.org/archives/horde/attachments/20161116/807530e1/attachment.bin>
More information about the horde
mailing list