https:// ?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • -=|zami|=-
    Senior Member
    • Feb 2009
    • 190

    [Resolved] https:// ?

    Hello!

    please, I have the following problem: the forum address https: // <address> returns a totally unconfigured forum page.
    however, with the address http: // <address>, the returned page is normal.

    so that the address https: // <address> also returns a perfect page the change is made in admincp:
    admincp >> settings >> options >> "Site Name / URL / Contact Details" and put https: // under "vBulletin URL", "Login URL" and "Core URL" and select YES under "HTTPS terminates before the webserver "

    Is that correct? Do I need to make another change in admincp?

    and for automatic redirection to the https: // page when entering the forum address in the browser? Where should I change?
    I'm using version 5.5.0.

    thank you!
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73981

    #2
    Is your web server behind a load balancer that doesn't forward https? If not, then "HTTPS terminates before the webserver" should be no.

    You would redirect from http to https at the server level. There is code in the provided .htaccess file but it is commented out. Review that file and read the comments for instructions.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment

    • -=|zami|=-
      Senior Member
      • Feb 2009
      • 190

      #3
      Okay, thanks, Wayne!

      the server does not have a load balancer. so I left this option as NO. right?

      the .htacess file (/ forum) did not have the lines for the redirect. I found these lines in htaccess.txt and copied them to the .htaccess file. I copied these lines:
      #To redirect users to the secure version of your site, uncomment the lines below
      #RewriteCond %{HTTPS} !=on
      #RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

      I removed the comments from the last two lines. right?

      what happened:
      - addresses with or without www are directed to https: //. all right at this point;
      - despite https: // and the valid certificate, there is still information that the connection to the site is not completely secure. what remains to be done for the browser to consider the site secure?
      interesting that when I access adminccp, the browser considers this page safe ...

      thank you!

      Comment

      • Mark.B
        vBulletin Support
        • Feb 2004
        • 24286
        • 6.0.X

        #4
        Originally posted by -=|zami|=-
        Okay, thanks, Wayne!

        the server does not have a load balancer. so I left this option as NO. right?

        the .htacess file (/ forum) did not have the lines for the redirect. I found these lines in htaccess.txt and copied them to the .htaccess file. I copied these lines:
        #To redirect users to the secure version of your site, uncomment the lines below
        #RewriteCond %{HTTPS} !=on
        #RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

        I removed the comments from the last two lines. right?

        what happened:
        - addresses with or without www are directed to https: //. all right at this point;
        - despite https: // and the valid certificate, there is still information that the connection to the site is not completely secure. what remains to be done for the browser to consider the site secure?
        interesting that when I access adminccp, the browser considers this page safe ...

        thank you!
        Everything on a page needs to be https for the site be seen as secure.

        So if you have any embedded images that use http, for example, you'll need to edit these and either change them to https, or remove them completely.
        MARK.B
        vBulletin Support
        ------------
        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

        Comment

        • glennrocksvb
          Former vBulletin Developer
          • Mar 2011
          • 4011
          • 5.7.X

          #5
          Originally posted by Mark.B
          So if you have any embedded images that use http, for example, you'll need to edit these and either change them to https, or remove them completely.
          Or you can block mixed content to prevent non-https user-generated content (e.g. images) to break https on your site.

          So, I had my SSL broken today by mixed content. Turned out that a plugin that loads an external image all of a sudden no longer served from SSL. In order to fix




          Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

          Comment

          • -=|zami|=-
            Senior Member
            • Feb 2009
            • 190

            #6
            Great tip Mark!
            resolved!

            thank you very much!

            Comment

            • -=|zami|=-
              Senior Member
              • Feb 2009
              • 190

              #7
              Originally posted by Glenn Vergara
              Or you can block mixed content to prevent non-https user-generated content (e.g. images) to break https on your site.

              So, I had my SSL broken today by mixed content. Turned out that a plugin that loads an external image all of a sudden no longer served from SSL. In order to fix


              Thank you Glenn! had not seen his message.

              but from what I read in the link, that solution is not supported by IE, correct?

              Comment

              • Wayne Luke
                vBulletin Technical Support Lead
                • Aug 2000
                • 73981

                #8
                Originally posted by -=|zami|=-
                but from what I read in the link, that solution is not supported by IE, correct?
                IE is no longer an active development project.

                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API

                Comment

                • glennrocksvb
                  Former vBulletin Developer
                  • Mar 2011
                  • 4011
                  • 5.7.X

                  #9
                  Originally posted by -=|zami|=-
                  but from what I read in the link, that solution is not supported by IE, correct?
                  Correct but it's still good to use for the rest of the modern browsers.

                  IE11 usage is low and it will soon be dead. Do you still care for IE browser? Do you have a lot of IE11 users?

                  Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

                  Comment

                  • -=|zami|=-
                    Senior Member
                    • Feb 2009
                    • 190

                    #10
                    hello, Glenn!

                    IE users represent only 1% today. I think the code is worth inserting.

                    thank you!

                    Comment

                    • glennrocksvb
                      Former vBulletin Developer
                      • Mar 2011
                      • 4011
                      • 5.7.X

                      #11
                      Yeah. Especially that a new security flaw is recently discovered on IE.

                      Microsoft's Internet Explorer has a longstanding reputation for poor security, but it's now bad enough that you could be attacked just by having it on your PC. Security researcher John Page has revealed an unpatched exploit in the web browser's handling of MHT files (IE's web archive format) that hackers can use to both spy on Windows users and steal their local data. As Windows opens MHT files using IE by default, you don't even have to run the browser for this to be a problem -- all you have to do is open an attachment sent through chat or email.

                      Flag Icon Postbit Insert GIPHY Impersonate User BETTER INITIALS AVATAR Better Name Card Quote Selected Text Bookmark Posts Post Footer Translate Stop Links in Posts +MORE!

                      Comment

                      • Wayne Luke
                        vBulletin Technical Support Lead
                        • Aug 2000
                        • 73981

                        #12
                        Internet Explorer should only be used in enterprise settings when required for proprietary apps and there is no workaround. This is the actual guidance from Microsoft. If you're on Windows 10, you should use Chrome, Firefox, Edge, or one of the dozen Chromium variants available. If you're on Windows 7, 8, or 8.1 still, then you should use Chrome, Firefox, or one of the dozen Chromium variants available.

                        Later this year or early next year, Edge should be available for Windows 7, 8, and 8.1. After it is rebuilt as a Chromium variant.
                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud demonstration site.
                        vBulletin 5 API

                        Comment

                        • -=|zami|=-
                          Senior Member
                          • Feb 2009
                          • 190

                          #13
                          Thank you, Wayne!
                          I didn't know that!

                          Comment

                          Related Topics

                          Collapse

                          Working...