[BlueOnyx:18578] Re: Force SSL
Michael Stauber
mstauber at blueonyx.it
Tue Oct 27 01:58:26 -05 2015
Hi Maurice,
> Really nice!
Thank you. I think I got something. The code is already in SVN now, but
I haven't released it to the YUM repositories yet. Will do so after some
thorough testing sometime later today.
Under "Server Management" / "Maintenance" / "Desktop" the new GUI will
have a new pulldown:
GUI access protocols:
- HTTP and HTTPS (default)
- HTTPS only
- HTTP only
And below that a checkbox:
Redirect to Server-Name: [ ]
My method works without messing with /etc/httpd/conf.d/blueonyx.conf or
throwing in .htaccess files.
Instead the redirects to the correct ports are all done by the GUI itself.
Example:
You go to http://www.site1.com/login to access the GUI. That loads
http://www.site.com:444/login and would usually show the login form.
Now if you have set the GUI to only accept HTTPS transactions, then the
user won't see the login form. Instead he directly gets redirected from
port 444 to https://www.site.com:81/login instead.
Additionally: If you force HTTPS, the ability to switch the login form
back to HTTP will be taken away (and vice versa). With that I mean that
the YES / NO toggle switches on the login form are taken away.
If you have the checkbox ticked for "Redirect to Server-Name", then all
GUI redirects go to the FQDN of the server. NOT to the FQDN of the vsite(s).
Example:
http(s)://www.site.com/login would go to http(s)://host.server.com/login
Additionally: When we force the GUI to HTTPS, then we don't want to
allow HTTP at all. So if someone is at ...
https://www.site.com:81/user/userMod?group=site1&name=s1_admin
... and manually changes the URL to this ...
http://www.site.com:444/user/userMod?group=site1&name=s1_admin
... to force it back to HTTP? Well, tough luck. He will end up back at
the HTTPS URL that he started at, as the GUI then won't allow HTTP
usage. This will also deal with URL auto-complete or bookmarks if
someone still had the old non-HTTPS URLs there. He'll get redirected to
HTTPS on the page that he actually wanted to visit. Even if he entered
the URL with just HTTP.
Like I said: I'll need to test this some more and will publish it to the
YUM repositories when done.
--
With best regards
Michael Stauber
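
The redirect decision described in this message, sketched in Python as an added example; it is not BlueOnyx's own code. Ports 444 (HTTP) and 81 (HTTPS) come from the post; the function name, the mode names and the host-name check are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

HTTP_PORT, HTTPS_PORT = 444, 81   # GUI ports named in the post
MODES = ("both", "https_only", "http_only")   # hypothetical names for the pulldown entries
# Assumption: only plain DNS names may end up in a redirect target, so a
# client-supplied Host value cannot smuggle other characters into Location.
_HOST_RE = re.compile(r"^[a-z0-9.-]{1,253}$")


def gui_redirect(url, mode="both", server_fqdn=None, to_server_name=False):
    """Return the URL the GUI should redirect to, or None to serve the page.

    `url` is the request as it reached the GUI on port 444 or 81.
    """
    if mode not in MODES:
        raise ValueError("unknown mode: %r" % mode)
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit lower-cases the host
    if parts.scheme not in ("http", "https") or not _HOST_RE.match(host):
        raise ValueError("unexpected scheme or host in request")

    # Protocol policy: a forced protocol overrides what the client asked for.
    scheme = {"https_only": "https", "http_only": "http"}.get(mode, parts.scheme)

    # "Redirect to Server-Name": use the configured FQDN, not the vsite name.
    target_host = host
    if to_server_name:
        if not server_fqdn or not _HOST_RE.match(server_fqdn.lower()):
            raise ValueError("server FQDN missing or malformed")
        target_host = server_fqdn.lower()

    if scheme == parts.scheme and target_host == host:
        return None                      # request already complies

    # Keep path and query so the user lands on the page originally requested.
    port = HTTPS_PORT if scheme == "https" else HTTP_PORT
    target = "%s://%s:%d%s" % (scheme, target_host, port, parts.path or "/")
    if parts.query:
        target += "?" + parts.query
    return target


if __name__ == "__main__":
    # Constructed sample request, using the URL from the message.
    print(gui_redirect(
        "http://www.site.com:444/user/userMod?group=site1&name=s1_admin",
        mode="https_only"))
```
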