[horde] htaccess conflict

Vilius Sumskas/LNK vilius at lnk.lt
Wed Nov 16 15:06:14 UTC 2016


> Quoting Frank Lienhard <frank at mclien.de>:
> 
> > On 11/16/2016 01:43 PM, Vilius Sumskas/LNK wrote:
> >>> Hi
> >>> On 11/16/2016 02:15 AM, Vilius Sumskas/LNK wrote:
> >>>> Hi,
> >>>>
> >>>>> Maybe, I should rest for while, because I could not generate
> >>>>> reproducable results at the moment.
> >>>>>
> >>>>> SO I "think" it is like I firstly diagnosed it:
> >>>>> The sharede space is forced to use https (by that htacces file), 
but
> >>>>> horde is reachable both ways http and https.
> >>>>> But I'd like to get horde work with https only.
> >>>>>
> >>>>> On 11/15/2016 10:02 PM, Frank Lienhard wrote:
> >>>>>> Just double checked and found out, that in this constellation the
> >>>> login
> >>>>>> only works unencrypted but after the login you cab use an 
encrypted
> >>>>>> connection.
> >>>>>> Isn't that a rather bad way to do it? Shouldn't the login be
> >>>> encrypted?
> >>>>>>
> >>>>>>
> >>>>>> On 11/15/2016 08:26 PM, Frank Lienhard wrote:
> >>>>>>> I installed horde on an shared hosted platform.
> >>>>>>> So now I end up with 2 .htaccess files:
> >>>>>>> /var/www/virtual/<USERNAME>/html/.htaccess
> >>>>>>> /var/www/virtual/<USERNAME>/html/horde/.htaccess
> >>>>>>>
> >>>>>>> The first one ist processed by the provider to work and is
> >> configured
> >>>> to
> >>>>>>> force use of https.
> >>>>>>> Unfortunately the .htaccess of the horde path renders that 
useless.
> >>>>>>>
> >>>>>>> It still works encrypted, but only if you explicitly use 
https://
> >> in
> >>>> the
> >>>>>>> URL.
> >>>>>>>
> >>>>>>> Since the .htaccess notes not to edit it, I have no idea how to 
fix
> >>
> >>>> this.
> >>>>>>>
> >>>>>>> Here are the rules of the non-horde .htaccess file:
> >>>>>>>
> >>>>>>> RewriteEngine On
> >>>>>>> RewriteCond %{HTTPS} !=on
> >>>>>>> RewriteCond %{ENV:HTTPS} !=on
> >>>>>>> RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
> >>>>>>>
> >>>>>>> any hints are wellcome
> >>>>>>>
> >>>>>>> mclien
> >>>>>>>
> >>>>
> >>>> https://digitalenvelopes.email/blog/force-https-in-horde/
> >>>>
> >>> Thanks, that did it, only remaining question:
> >>> does this:
> >>> "someone at ahost config]$ head conf.php
> >>> <?php
> >>> /* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */"
> >>> mean, I have to take care of this every update/upgrad of horde?
> >>
> >> This comment means that you should not edit that file by hand, but 
use
> >> Horde's configuration interface instead.
> >>
> >> conf.php file is not touched during the upgrade. However keep in my, 
that
> >> if the new settings are added/changed/removed in the new version, it 
is
> >> still a good idea to look through all of them after every upgrade.
> >>
> > Took me a while to find that one:
> > General - URL settings - $conf[use_ssl]
> >
> > which is set to "Assume that we are using SSL and always generate 
https
> > URLs."
> >
> > So what exactly is the difference between using the Config Interface
> > vs.editing the config file
> > (to me the editing of the conf file is quicker and more what I'm used 
to.)
> 
> It is very easy to enter something incorrect, incomplete, or otherwise 
> incorrect which could very well prevent Horde from working at all. The 
> web interface provides some safeguards, and automatically creates a 
> backup of the old config.

Also, Horde has an integrated diff viewer, so you can easily view 
differences between old config and newly generated file.

-- 
   Vilius


More information about the horde mailing list