Am 01.01.2013 03:55, schrieb Arne Berglund:
> On 2012-12-31 17:23, Robert Moskowitz wrote:
>> I can't claim any real skill in configuring apache, all I can do is
>> read readmes and copy and paste for examples and things I have
>> running... So I SEEM to have made some real headway, but have not
>> gotten wireshark going to see if it is really behaving as it seems. I
>> would appreciate any input on a cleaner way to setup Roundcube as a
>> virtual host only over TLS.
>
> <snipped>
>
> Robert, here's the setup I have, partially inherited and partially refined
> over the years. My ReWrite is in a
> directory declaration, and has never thrown any errors.
>
> <Directory "/">
> RewriteEngine on
> ReWriteCond %{HTTP_HOST} =webmail.example.org [NC]
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^.*$ https://webmail.example.org%{REQUEST_URI} [L,R]
> </Directory>the next one missing that without "secure only" flag the browser will send the cookies unencrypted because they are part of he request headers and the redirect happens after them
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
