#39130 Force HTTPS for subdomain

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: 4.3.2
PHP version: 8.0.29
Admin Tools version: 7.3.3 Pro

Latest post by petekuhn on Friday, 23 June 2023 19:53 CDT

petekuhn

We have a test site in a subdomain, test.XXXX.org, and Joomla System Configuration Force HTTPS doesn't work for that site (it works fine for the main site).

My question is whether we can use AdminTools to fix this. I noticed a param in .htaccess Maker

Force HTTPS for these URLs (do not include the domain name)

Will this work? If so, how do I specify it? Thanks.

nicholas
Akeeba Staff
Manager

You can just create a .htaccess file in the subdomain with the contents

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://test.XXXX.org%{REQUEST_URI} [L,R=301]
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>

Remember, Joomla's Global Configuration option only works for pages rendered by Joomla. When Joomla sees that the URL scheme is http it will output an HTTP 307 redirection to the same URL but with the https scheme. It's all done in PHP code.

The .htaccess code uses a web standard called HSTS. It is an HTTP header sent with the server reply which tells the browser “hey, so that you know, you should try to access this site only over HTTPS; this applies for the next 31536000 seconds (1 year)”. The browser sees that and will not even try to use plain old HTTP anymore for that subdomain; it will automatically upgrade the request to HTTPS.

However, this header can only be sent for HTTPS requests. Hence the first five lines which do what Joomla's Force HTTPS does, but at the .htaccess level.

Nicholas K. Dionysopoulos

Lead Developer and Director


petekuhn

Thanks, Nicholas. This took me 90% of the way there. The problem with this is that I have to remember to insert the .htaccess code you recommended whenever I clone a test site.

I did a little more research and found a variant of what you recommended that will solve this problem.

RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I can just use AdminTools to put this at the top of the .htaccess file, and it will work with cloned test sites in subdomains. 

Thanks again.
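
Added example (not part of the thread, and not Akeeba's or the poster's code): a small Python check that a cloned site's response headers match what the two replies above describe, namely a 301 from plain HTTP to https on the same host and path, and an HSTS header only on the HTTPS response. The host name clone.example.org and all sample responses are constructed assumptions.

```python
from urllib.parse import urlsplit

def parse_response(raw):
    """Split a raw HTTP response head into (status, {lowercased header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def hsts_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, else None."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return None

def check_force_https(host, path, http_raw, https_raw, min_age=31536000):
    """Return a list of problems; an empty list means both rules behave as described."""
    problems = []
    status, headers = parse_response(http_raw)
    if status != 301:
        problems.append(f"plain HTTP returned {status}, expected 301")
    loc = urlsplit(headers.get("location", ""))
    if (loc.scheme, loc.netloc.lower(), loc.path) != ("https", host.lower(), path):
        problems.append("redirect is not to https on the same host and path")
    if "strict-transport-security" in headers:
        problems.append("HSTS sent over plain HTTP, where browsers ignore it")
    _, headers = parse_response(https_raw)
    age = hsts_max_age(headers.get("strict-transport-security", ""))
    if age is None:
        problems.append("HTTPS response has no usable HSTS max-age")
    elif age < min_age:
        problems.append(f"HSTS max-age {age} is below {min_age}")
    return problems

# Constructed sample responses for a hypothetical clone at clone.example.org.
OK_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://clone.example.org/index.php\r\n\r\n"
OK_HTTPS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n"
# Constructed failure: redirect target hard-coded to another host, no HSTS header.
BAD_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://test.example.org/index.php\r\n\r\n"
BAD_HTTPS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(check_force_https("clone.example.org", "/index.php", OK_HTTP, OK_HTTPS))
    print(check_force_https("clone.example.org", "/index.php", BAD_HTTP, BAD_HTTPS))
```

The raw response heads can be captured from a real clone with `curl -sI` against the http and https URLs and passed in as strings.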
