Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2011-06-17 17:46:57
- brianrak
- New Member
- Registered: 2011-06-17
- Posts: 3
Encrypt admin site access, server has separate root directories
Hello there,
I searched the FAQs and forum, but couldn’t find an answer to my particular question.
I’m using a server that has separate root directories for public and secure content. The stuff in /public appears at the root of http://www.site.com, and the stuff in /secure appears at the root of https://www.site.com.
I want to allow logins to the admin area to go across SSL. I read the documentation about the multi-site feature, but it didn’t seem to exactly apply, because it talks about putting the admin site in a subdomain, which is not what I want to do. (My client’s host will not allow SSL to subdomains — lame, but I can’t change the host for various other reasons.)
Also, I’m not sure if I can set up virtual hosts on this server. I couldn’t find an httpd.conf file anywhere in the directory structure that I have access to. (But I’m not really a *nux guy, so feel free to correct me if I’ve made a newb assumption here.)
So I’m thinking that my only real option is to install textpattern into the public side of the site, and then copy the entire textpattern directory into the secure side so that logins can happen there. That would be a lot of duplicated code files, but presumably the real goods are in the database. Would that work?
Seems like I’m almost certainly retreading well-trod ground here, but I couldn’t find anything. I’d be grateful for any pointers.
Brian
Offline
#2 2011-06-17 23:58:42
- brianrak
- New Member
- Registered: 2011-06-17
- Posts: 3
Re: Encrypt admin site access, server has separate root directories
Or maybe the simplest thing to do would be to create a symlink in the secure side that points to the textpattern directory?
Offline
Re: Encrypt admin site access, server has separate root directories
That should work, assuming the web server is set up to follow symlinks and you don’t mind the admin interface being accessible from the non-secure side as well.
Offline
Re: Encrypt admin site access, server has separate root directories
artagesw wrote:
you don’t mind the admin interface being accessible from the non-secure side as well.
Which you might be able to block/redirect simply by checking the protocol used with .htaccess file placed to textpattern directory, or by using SSLRequireSSL if mod_ssl is used.
For example something like this (untested, use with caution) could be used to redirect requests from http to https. Should be saved as .htaccess file to /textpattern/ directory so that it only effects admin-side.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Offline
#5 2011-06-20 01:48:09
- brianrak
- New Member
- Registered: 2011-06-17
- Posts: 3
Re: Encrypt admin site access, server has separate root directories
Awesome! It worked on both counts. Thanks a ton, guys!
Offline