Force https on section of site

Hey all,
I have a site that needs a secure area. Online they are setup with their own SSL certificate and the host has the SSL mod enabled. I am trying to find a way to force the address to use https if the secure area of the site is accessed.
For example:
1. http://site.dev -> no redirect or rewrite
2. http://site.dev/secure -> redirect/rewrite to https://secure.site.dev
3. http://secure.site.dev -> r/r to https://secure.site.dev
4. http://secure.site.dev/* -> r/r to https://secure.site.dev/*
What the above examples currently do:
1. http://site.dev -> http://site.dev (good)
2. http://site.dev/secure -> https://site.dev/secure/
3. http://secure.site.dev -> http://secure.site.dev (But goes to the localhost site [It Works! default page] rather than attempting the unsecured access)
4. No sub folders to try this yet
If I type in https://secure.site.dev it goes right where it is supposed to using the SSL.
Currently I am attempting to do this with two virtual hosts and some rewrite code in the .htaccess file of the secure folder.
-- Vhost Example
<VirtualHost *:80>
 ServerName site.dev
 DocumentRoot /path/to/public/folder/for/vhost
 Redirect /secure/ https://secure.site.dev
</VirtualHost>
<VirtualHost *:443>
 ServerName secure.site.dev
 DocumentRoot /path/to/public/secure/folder/for/vhost
 SSLEngine on
 SSLCertificateFile /path/to/cert/file.crt
 SSLCertificateKeyFile /path/to/key/file.key
</VirtualHost>
-- .htaccess (in public/secure folder)
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
-- End of examples
Thanks in advance

Hi
I am not sure then what you mean by a Public Website when you are authenticating users ? There is a difference in both and that difference arises from the fact that Public sites could be accessed by any user without any login credentials.
It should be applied only for one section if at all that section deems to be brought under some security access.
I will put an example for the same :
Say a Mobile Service provider has public site and any one can access the same and read through the information on the pages without any authentications but the moment you want to check your personal connection details then you will be prompted for the same.
Even though this is a public site but there are sections that you need to have security enabled for the real users.
In this sort of scenario I would suggest to put the security group for that section alone to be a secured on (not a a Guest access role).
Hope this clarifies and helps
Thanks
Srinath

Similar Messages

How to force HTTPS on a page

We have registration forms and other pages that collect personal details from users who are registering for the site or submitting other transactions (other than shopping cart purchases). By default these pages are delivered using HTTP under the main website.
We need these pages to be secured using HTTPS. How can we force HTTPS on these pages?
Thanks,
Colin

Only way on BC is javascript
eg:
var secureURL = "yourdomain.worldsecuresystems.com";
if ((window.location.protocol == "http:" || location.hostname != secureURL) && location.search.search("A=Template") == -1 && location.search.search("Preview") == -1) window.location = "https://"+secureURL+window.location.pathname;

How to correct COOKIE + FORCED HTTP METHOD error

I am running a few pages against the Access Me plug-in in
firefox and
received 3 errors..and 2 warnings...
where do i began to resolve these issues?
Access Me String Test Results
FORCED HTTP METHOD
Attack Details:
a.. HTTP Method: SECCOMP
The attacked page is dangerously similar to the original
page. It is 100%
similar. Got access to a resource that should be protected.
Server response
code:200 OK.
COOKIE + FORCED HTTP METHOD
Attack Details:
a.. Input Parameter: ASP.NET_SessionId
b.. HTTP Method: SECCOMP
The attacked page is dangerously similar to the original
page. It is 100%
similar. Got access to a resource that should be protected.
Server response
code:200 OK.
COOKIE
Attack Details:
a.. Input Parameter: ASP.NET_SessionId
The attacked page is dangerously similar to the original
page. It is 100%
similar. Got access to a resource that should be protected.
Server response
code:200 OK.
FORCED HTTP METHOD
Attack Details:
a.. HTTP Method: HEAD
Got access to a resource that should be protected. Server
response code:200
OK. The attacked page is not very similar to the original
page. It is 0.649%
similar.
COOKIE + FORCED HTTP METHOD
Attack Details:
a.. Input Parameter: ASP.NET_SessionId
b.. HTTP Method: HEAD
Got access to a resource that should be protected. Server
response code:200
OK. The attacked page is not very similar to the original
page. It is 0.649%
similar.
ASP, SQL2005, DW8 VBScript, Visual Studio 2005, Visual Studio
2008

I think in get_p method you have declared the field type as Value help and in GET_V method you havent filled your value help table. Please check these two methos. Hope this helps you.
Regards,
Lakshmi.Y

After removing force https can I get Firefox to quit redirecting me from google classic to google SSL?

I was using Force https, and have since removed it. I am being redirected, however, to google SSL and cannot load the google classic page. I do not want to use SSL (https://encrypted.google.com). How do I get Firefox to direct me to the correct website as I enter it (www.google.com)? I have tried clearing my cache and cookies, as well as reading suggestions on google's forums. Help please? Thanks!

Sounds like you picked up some re-direct Malware.
Install, update, and run these programs in this order. They are listed in order of efficacy. '''''(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)''''' These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have. 
''Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.''
Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php] 
SuperAntispyware - [http://www.superantispyware.com/] 
AdAware - [http://www.lavasoftusa.com/software/adaware/] 
Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html] 
Windows Defender: Home Page - [http://www.microsoft.com/windows/products/winfamily/defender/default.mspx] 
Also, if you have a search engine re-direct problem, see this: 
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
If these don't find it or can't clear it, post in one of these forums for specialized malware removal help: 
[http://www.spywarewarrior.com/index.php] 
[http://forum.aumha.org/] 
[http://www.spywareinfoforum.com/] 
[http://bleepingcomputer.com]

Is forcing Http tunneling mode possible ?

Hello,
in order to make some tests between 2 PC on the same intranet, I would like to know if it's possible to force RMI to use http tunneling, and to choose the mode : http-to-port or http-to-cgi ?
If possible, please tell me how.
Many thanks in advance.
C. BREZAK

RMI depends on custom socket factories (sun.rmi.transport.proxy.RMIHttpToPortSocketFactory, sun.rmi.transport.proxy.RMIHttpToCGISocketFactory) for carrying out the HTTP tunneling of RMI request if normal way of establishing a connection with the remote object fails. If no particular RMI socket factory is set in RMI application, RMI runtime chooses the RMIMasterSocketFactory() for creating client and server sockets. This socket factory maintains a list of socket factories which should be tried in order in establishing a successful connection with the remote object. This list includes RMIDirectSocketFacotry and HTTP tunneling socket factories mentioned above if http.proxyHost proerty is set.
You can force HTTP tunneling by explicitly setting default socket factory (RMISocketFactory.setSocketFactory(...)) to sun.rmi.transport.proxy.RMIHttpToPortSocketFactory in the client application. If this fails you can try setting default socket factory to RMIHttpToCGISocketFactory. It may not be possible trying these two options in the same instance of the program, because setSocketFactory() does not allow you to change the already defined default factory to the new one. This may not be elegant solution.
-- Srinath Mandalapu

Force http uauth of every Blackberry connecting through BES

Greetings,
We have a BES on site that will allow port 80 access to the Internet for every attached Blackberry. We are using ACS version 3.3 for user authentication.
When a particular user connects to port 80 out over the single BES server - that user is authenticated via ACS. At that point, subsequent users are allowed access without the need to re-authenticate.
Is there anything I can do to force authentication for each Blackberry user access the Internet via the BES?
Thanks.

Http mode lets you enable port on firewall for http transport only. Anyway you have to open this port.
How to avoid using additional port:
1. I've read that configuring forms servlet (requires 9iAS with Apache) instead of forms CGI lets using a single port
2. If you configured Web server on one IP and Forms listener on another IP - both on ports 80. I think it should work but haven't tried it yet.
Both solutions are hard for me - first requires to buy and deploy 9iAS and second requires to have another IP and another certificate (if you want https).

How to force HTTP:ORMI Tunnelling from JDEV?

Hi,
I deployed successfully ADF BC as EJB on OC4J and I have tested them using BC4J tester of JDEV.
I setup a SWING ADF small grid and want to force the HTTP tunneling...
How can I do that??
Thanks in advance
JO

Weblogic 10.3 generated client use HTTP 1.1 protocol

No Advanced section under site settings?

I am trying to set up a POP/IMAP email account and there is no Advanced section under the site settings. Also, I keep getting this message " Your email is configured with an external provider. If you want to create E-Mail accounts you need to change your E-Mail settings. " Yet when I click on the button to go to make the change, it just directs me back to the Site Settings screen with no instruction on what to change! Help!

If you are using Third party email services, get MX records settings from your email provider and add it to Site Settings-> Site Domain, as explained here,
Business Catalyst Help | Use an external email provider
If you are gong to host email to Business catalyst, Select Site Settings > Site Domains and then select New MX Record from the More Actions menu.
Select Site Settings > Site Domains and then select New MX Record from the More Actions menu-> New MX Record, select your domain name, and click Save.
Let me know if you have any trouble

Force http traffic to specific interface

Just setup a 2801 router. We have a Serial interface card on it connected to a T1 and eth1 connected to DSL. We want to force web traffic (http, https, ftp) to use the DSL connection. I tried a simple access-list to allow http to the DSL and deny to the T1, however it didn't seem to work. Then I noticed that in the SDM it has "default" rultes that always enable http. Do I need to disable the http server to get this access list to work or is there an easier way to force web traffic to a specific interface?
Thanks in advance.

I setup the route-map and access-list and applied it to FE 0/1 (DSL connection), however it still appears nothing is going through that interface. When I monitor it in the SDM, it shows 0% bandwidth usage.
Just to double check I unplugged the DSL to see if web traffic stopped, but it was still going, I assume through the T1 at S 0/2/0.
FE 0/0 goes to our fw, then to lan
FE 0/1 goes to DSL
S 0/2/0 goes to T1
Here is my config:
router#show run
Building configuration...
Current configuration : 4506 bytes
! Last configuration change at 10:29:45 MDT Fri Aug 4 2006 by admin
! NVRAM config last updated at 15:17:31 MDT Thu Aug 3 2006 by admin
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
boot-start-marker
boot system flash c2801-ipbasek9-mz.124-8.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$EWDt$pvWzeNhilneb/EUJosxlv0
no aaa new-model
resource policy
clock timezone MDT -7
clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
ip cef
ip tcp synwait-time 10
no ip bootp server
ip name-server 198.60.22.2
ip name-server 198.60.22.22
username admin privilege 15 secret 5 $1$TF47$aa8RLf18isZxIwjOKfdmZ.
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 199.104.124.210 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1
description $FW_OUTSIDE$$ETH-LAN$
ip address 192.168.2.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip policy route-map toDSL
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1/0
interface FastEthernet0/1/1
interface FastEthernet0/1/2
interface FastEthernet0/1/3
interface Serial0/2/0
ip address 204.228.133.46 255.255.255.252
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
ip route 0.0.0.0 0.0.0.0 204.228.133.45
ip route 192.168.2.0 255.255.255.0 192.168.2.1
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
access-list 111 permit tcp any any eq www
no cdp run
route-map toDSL permit 1
match ip address 111
set ip next-hop 192.168.2.1
control-plane
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
exec-timeout 30 0
privilege level 15
login local
transport input ssh
transport output ssh
line vty 5 15
access-class 102 in
privilege level 15
login local
transport input ssh
scheduler allocate 20000 1000
ntp clock-period 17178101
ntp update-calendar
ntp server 198.60.22.240 source Serial0/2/0
end

How do I edit an https page in my site?

WE have been using Contribute - CS4 for a long time for my client to edit his site. But we recently added a couple of https pages and Contribute will not let us into thes pages. What do we have to do to be able to edit these in Contribute?

Tap the event you want to change, tap Edit on the top right, change as desired, then tap Done on the top right.

HTTP Acceleration for internet sites

I am starting a pilot on Version 4.1.1a.10 and have 15 sites.
A small site w/ T1 has a majority of the bandwidth being consumed by....you guessed it HTTP web traffic! So, The question is
If I deploy an Core WAE in my DC at the inside of the "Surf" firewall, Will the user behind the Edge WAE in the branch really feel the benefits when browsing internet sites? Does this new Feature in 4.1 attempt to mitigate in some small way the need for caching servers? Connection reuse is a major component here but how well will this function on a HTTP site outside of the Data Canter?
Thanks in advance
Todd
Most of the discussion for HTTP acceleration has been for internal HTTP sites.

So, My interpretation of that statement is yes a little bit. It will reduce the latency between the internet Access point and the customer LAN. but what about connection reuse for internet sites? If the remote site goes to Facebook every day ( for busness use lets say) will a core WAE optimize(reduce latency) and use DRE cacheing techniqes to improve performance to that site.

Browsers on my computer force https

When I installed Server on my computer last Summer, I had a little trouble with it, not having had any prior experience with servers. In the end I abandonned the project, because it turns out that the site hosted on my computer was only showing up on my local network, plus my ISP didn't provide static IPs at all, and there were a couple of other reasons. But when I turned Server off, I lost access to my site from my computer (not the other computers on my network). I've narrowed down the problem: when I try to access my site, every browser I have installed changes the URL from an http:// to https://, and shows and Apache server default root, brandishing "Index of /" and no files, because I emptied the original root folder. But even with server off and quit, I couldn't get to my site if my life depended on it.
Any advice?

Hello,
I can't give you a proper answer for Windows Vista, but I think that your problem might have more to do with the OS configuration rather than with Firefox or IE.
In the guidelines to solve Firefox related problems, it is said:
"Does the problem happen in IE as well? If so, it's a problem on the system, not Firefox."
Also Firefox has a configuration file for each user, which is called prefs.js.
I hope it helps. Let's see if some more experienced user can enlighten the subject.

Disable HTTP Methods for SharePoint site

Hi,
Our firewall is reporting that someone is trying to use HTTP OPTIONS Method to exploit our SharePoint server.
I want to know which HTTP methods are required by SharePoint 2010 so that i can disable other HTTP methods to increase security.
I am trying to follow recommendations from Open Web Application Security Project.
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Regards, Muhammad Usman Azmat

Verbs such as OPTIONS will require authentication to be of any use. If you disable OPTIONS, you'll likely run into various issues using SharePoint, and here is an older example (that will likely apply even today):
http://blogs.msdn.com/b/vsofficedeveloper/archive/2008/10/03/sharepoint-cisco-css-switch-issue.aspx
At any rate, changing IIS settings at the Web Application IIS site level, with the exception of IIS Site Bindings where appropriate, is highly discouraged.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

I need to Stop private browsing https on the Youtube site. How do I disable it?

The "Always use private browsing mode" box was always UNchecked. I normally DON'T connect to most other websites securely (showing https), it's ONLY on Youtube; which I normally have NO problem with (it's more secure). I NEED to be ABLE TO do it sometimes in order for TWO Firefox (Youtube) extensions (ie. ProxtubeYoutube & Unblocker) to work! So, how can I turn it OFF for the Youtube site.

Have you tried starting Firefox in safe mode?
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

Targeted HTTP Requests through SonicWALL Site-to-Site VPN

I have a B2B tunnel to one of our customers. All HTTP/HTTPS traffic from our main office for those addresses goes across the B2B.Now, I have a remote office connected to the main office via site-to-site VPN. How can I target HTTP/HTTPS requests for only the customer websites to use the site-to-site VPN to our office, then the B2B, while allowing other Web traffic to go straight out through the remote office? I have already added the subnets used by the B2B to the access lists at both ends of the site-to-site, but computers at the remote office cannot load Web pages, because the requests are not coming from our B2B IP address. nslookup and ping work from the remote office; DNS is resolving the name to the correct IP address. However, the HTTP/HTTPS requests are going straight out through the remote office firewall without hitting the...
This topic first appeared in the Spiceworks Community

Hi
I looked through the similar questions and I cannot find the answer. My VPN is working correctly and I can ping every LAN interface address objects specified in my routes but I'm unable to ping or access end devices beyond that. IPS and the GAV is not enable since I don't have the licenses, so theirs no concern there. Something is telling me that it could be a basic route needs to be in place on VPN > LAN but that was created in the initial VPN configuration.
For example I can ping Remote LAN interfaces 172.16.0.254, 172.18.0.254 but I cant ping the devices in those subnets.
This topic first appeared in the Spiceworks Community

Force https on section of site

Similar Messages

Maybe you are looking for