-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 1/22/2014 10:27 AM, Al wrote:
I have SSL setup and working with apache and can browse the site with http or https, but does anyone know how to make mediaWiki switch to https when logging on? Or, at the very least, switch temporarily just for the login?
I'm not sure if this is the "right" way of doing things (it doesn't take into account non-English languages, but I run an English-only wiki), but I managed to do this with mod_rewrite. Note that I use short URLs (path /wiki/, with the "raw" path being /wikix/):
<IfModule mod_ssl.c> RewriteCond %{HTTPS} ^off$ RewriteCond %{REQUEST_URI} ^/wikix/ RewriteCond %{QUERY_STRING} title=Special:UserLogin RewriteRule ^/wikix/(.*) https://%%7BHTTP_HOST%7D/wikix/$1 [R,L] RewriteCond %{HTTPS} ^off$ RewriteRule ^/wiki/Special:UserLogin https://%%7BHTTP_HOST%7D/wiki/Special:UserLogin [R,L] </IfModule>
The first set of rules captures the query string version of the request, while the second set captures the short URL version. Also note that, in my experience, once the wiki has been put in HTTPS mode, it tends to like to stay there. I'm not sure if it's my configuration (I didn't explicitly set it this way), but if I try to force it to go back to HTTP, it "forgets" that I'm logged in, so I'm assuming it's setting the login cookie as HTTPS-only.
Hope this helps.
- --
Jeffrey T. Darlington General Protection Fault http://www.gpf-comics.com/