[horde] htaccess conflict
Frank Lienhard
frank at mclien.de
Wed Nov 16 14:38:25 UTC 2016
On 11/16/2016 03:24 PM, Michael J Rubinsky wrote:
>
> Quoting Frank Lienhard <frank at mclien.de>:
>
>> On 11/16/2016 01:43 PM, Vilius Sumskas/LNK wrote:
>>>> Hi
>>>> On 11/16/2016 02:15 AM, Vilius Sumskas/LNK wrote:
>>>>> Hi,
>>>>>
>>>>>> Maybe, I should rest for while, because I could not generate
>>>>>> reproducable results at the moment.
>>>>>>
>>>>>> SO I "think" it is like I firstly diagnosed it:
>>>>>> The sharede space is forced to use https (by that htacces file), but
>>>>>> horde is reachable both ways http and https.
>>>>>> But I'd like to get horde work with https only.
>>>>>>
>>>>>> On 11/15/2016 10:02 PM, Frank Lienhard wrote:
>>>>>>> Just double checked and found out, that in this constellation the
>>>>> login
>>>>>>> only works unencrypted but after the login you cab use an encrypted
>>>>>>> connection.
>>>>>>> Isn't that a rather bad way to do it? Shouldn't the login be
>>>>> encrypted?
>>>>>>>
>>>>>>>
>>>>>>> On 11/15/2016 08:26 PM, Frank Lienhard wrote:
>>>>>>>> I installed horde on an shared hosted platform.
>>>>>>>> So now I end up with 2 .htaccess files:
>>>>>>>> /var/www/virtual/<USERNAME>/html/.htaccess
>>>>>>>> /var/www/virtual/<USERNAME>/html/horde/.htaccess
>>>>>>>>
>>>>>>>> The first one ist processed by the provider to work and is
>>> configured
>>>>> to
>>>>>>>> force use of https.
>>>>>>>> Unfortunately the .htaccess of the horde path renders that useless.
>>>>>>>>
>>>>>>>> It still works encrypted, but only if you explicitly use https://
>>> in
>>>>> the
>>>>>>>> URL.
>>>>>>>>
>>>>>>>> Since the .htaccess notes not to edit it, I have no idea how to fix
>>>
>>>>> this.
>>>>>>>>
>>>>>>>> Here are the rules of the non-horde .htaccess file:
>>>>>>>>
>>>>>>>> RewriteEngine On
>>>>>>>> RewriteCond %{HTTPS} !=on
>>>>>>>> RewriteCond %{ENV:HTTPS} !=on
>>>>>>>> RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
>>>>>>>>
>>>>>>>> any hints are wellcome
>>>>>>>>
>>>>>>>> mclien
>>>>>>>>
>>>>>
>>>>> https://digitalenvelopes.email/blog/force-https-in-horde/
>>>>>
>>>> Thanks, that did it, only remaining question:
>>>> does this:
>>>> "someone at ahost config]$ head conf.php
>>>> <?php
>>>> /* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */"
>>>> mean, I have to take care of this every update/upgrad of horde?
>>>
>>> This comment means that you should not edit that file by hand, but use
>>> Horde's configuration interface instead.
>>>
>>> conf.php file is not touched during the upgrade. However keep in my,
>>> that
>>> if the new settings are added/changed/removed in the new version, it is
>>> still a good idea to look through all of them after every upgrade.
>>>
>> Took me a while to find that one:
>> General - URL settings - $conf[use_ssl]
>>
>> which is set to "Assume that we are using SSL and always generate https
>> URLs."
>>
>> So what exactly is the difference between using the Config Interface
>> vs.editing the config file
>> (to me the editing of the conf file is quicker and more what I'm used
>> to.)
>
> It is very easy to enter something incorrect, incomplete, or otherwise
> incorrect which could very well prevent Horde from working at all. The
> web interface provides some safeguards, and automatically creates a
> backup of the old config.
>
OK, so as long as I'm convinced I do it right and create a backup file I
do basicly the same?
More information about the horde
mailing list