[imp] secure connection only

Christopher Kalos ckalos@gothambroadband.com
Fri, 8 Dec 2000 09:59:54 -0500


Exactly as I was saying :)
I've implemented this solution in the past, but nowadays, we just force a
clickthrough on our webmail service, so you really have no choice on our end
(for a regular user) but to use SSL.
Of course, it's trivial to manually enter the URL, but no one over here
would bother, I'll wager.

All in all, still better than writing up extraneous PHP code.

CK

-----Original Message-----
From: Chris Crowley [mailto:ccrowley@tulane.edu]
Sent: Friday, December 08, 2000 9:52 AM
To: imp@lists.horde.org
Subject: Re: [imp] secure connection only


> On Thursday 07 December 2000 16:57, Lars Hecking wrote:
> > Martin A. Marques writes:
> > > Is there an option in IMP to get all users to loging only using secure
> > > connections (https)?

> It's still a matter of server configuration.  I'm fairly sure that an
Apache
> Redirect clause can do all of that for you, and a hell of a lot faster
than
> thrashing around PHP redirects.
>
> CK

Are you using Apache 1.3.x ?

I just did this this morning, but it seems fine so far. In
/path/to/apache/conf/httpd.conf

Under the <IfDefine SSL> section, add:

<VirtualHost 129.81.118.5:80>
Redirect   /   https://your.host.org
</VirtualHost>

Putting the redirect in the main server has the unpleasant effect of a nasty
loop. Everytime you hit the https://url, you get redirected to it. The added
benefit is if you ever need to start apache without SSL, you don't have to
mess with the config to do it.


--
IMP mailing list: http://horde.org/imp/
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe@lists.horde.org