Re: SSL protect admin routes
In case it helps anyone in the future, I used a combination of
SSLRequireSLL in Apache's configuration to prevent non-SSL access to
'admin', and an adaptation of this code:
function beforeFilter() {
if(isset($this->params[Configure::read('Routing.admin')])){
$this->Security->blackHoleCallback = 'forceSSL';
$this->Security->requireSecure();
}
}
function forceSSL() {
$this->redirect('https://' . $_SERVER['SERVER_NAME'] .
$this->here);
}
to handle the redirect in my custom app_controller. The above example
is from the cook book, here:
http://book.cakephp.org/view/268/Usage
Toby
toby1kenobi wrote:
> Hi Brian & Piotr,
>
> Thanks for replying, much appreciated. Unfortunately the leading
> slash makes no difference I'm afraid, one I'd already tried. And yes
> Piotr, the login path is also in the admin routing.
>
> Any more tips anyone?
>
> Toby
>
> On Jul 28, 7:39 pm, "3lancer.eu" wrote:
> > Hello,
> >
> > > I'm struggling with something I imagine is extremely easy, forcing
> > > my admin routes to go over SSL. Am I even close?!
> >
> > Maybe you should consider forcing SSL connection at the login point as
> > well (no need if you already aliased login operation with admin
> > route).
> >
> > Regards,
> > Piotr
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: SSL protect admin routes
Hi Brian & Piotr, Thanks for replying, much appreciated. Unfortunately the leading slash makes no difference I'm afraid, one I'd already tried. And yes Piotr, the login path is also in the admin routing. Any more tips anyone? Toby On Jul 28, 7:39 pm, "3lancer.eu" wrote: > Hello, > > > I'm struggling with something I imagine is extremely easy, forcing > > my admin routes to go over SSL. Am I even close?! > > Maybe you should consider forcing SSL connection at the login point as > well (no need if you already aliased login operation with admin > route). > > Regards, > Piotr --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: SSL protect admin routes
Hello, > I'm struggling with something I imagine is extremely easy, forcing > my admin routes to go over SSL. Am I even close?! Maybe you should consider forcing SSL connection at the login point as well (no need if you already aliased login operation with admin route). Regards, Piotr --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: SSL protect admin routes
You're missing the initial slash:
RewriteCond %{REQUEST_URI} ^/admin(.*)$
On Tue, Jul 28, 2009 at 12:56 PM, toby1kenobi wrote:
>
> Hi there,
>
> I'm struggling with something I imagine is extremely easy, forcing
> my admin routes to go over SSL. Am I even close?!
>
> RewriteCond %{HTTPS} !=on
> RewriteCond %{HTTP_HOST} ^mylive.domain.com
> RewriteCond %{REQUEST_URI} ^admin(.*)$
> RewriteRule .* https://mylive.domain.com%{REQUEST_URI} [L,R=301]
>
> I have this in the htacess file in webroot, which is what Apache is
> configured to serve the site out of. If I comment out the third line
> all traffic (to any URL) goes over SSL, so I feel like I must be
> nearly there...
>
> Thanks in advance,
>
> Toby
> >
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
SSL protect admin routes
Hi there,
I'm struggling with something I imagine is extremely easy, forcing
my admin routes to go over SSL. Am I even close?!
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^mylive.domain.com
RewriteCond %{REQUEST_URI} ^admin(.*)$
RewriteRule .* https://mylive.domain.com%{REQUEST_URI} [L,R=301]
I have this in the htacess file in webroot, which is what Apache is
configured to serve the site out of. If I comment out the third line
all traffic (to any URL) goes over SSL, so I feel like I must be
nearly there...
Thanks in advance,
Toby
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
