Hello
I have a site and want one of my main pages and all of the modules to be accessible ONLY by HTTPS.
I tried some solutions, including one found here (Jaburo Base HttpsFilter Class) without success.
The SSL on my site is enabled, but when I enable HttpsFilter and try to browse the page the infinite loop of redirection happens.
Does anybody knows where is the problem? Where is my mistake?
Thanks in advance for any help.
Hm. Which webserver are you using? Apache’s mod_ssl knows the SSLRequireSSL-directive which should work well in Location-context.
The server is Apache.
The SSL is enabled. When I try without HttpsFilter to browse the needed page by HTTPS everything is fine. But the page is still accessible by HTTP too, which is not my purpose.
Quoting http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl:
Sounds a lot like what you need.
Another way is just to add next code to controllers/actions, which you want to force to use SSL:
if ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") && $isProduction) {
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header("Location: $url");
exit;
}
Code is not from Yii framework, but you can easy modify to use Yii global parameters(Yii::app()->params[‘isProduction’]), nand environmental variables/requests.