epretorious Posted April 17, 2014 Share Posted April 17, 2014 Lately our installation of WordPress seems to be misbehaving with regards to HTTPS/SSL so we've been trying to understand why some pages are redirected to the unencrypted site (i.e., In some instances, vistors are redirected from https://www.domain.com to http://www.domain.com) and others are not. While investigating this, we discovered that some WHMCS pages are redirected from https://www.domain.com/whmcs/foo.php to http://www.domain.com/whmcs/foo.php) and others are not. e.g., These scripts redirect from HTTPS to HTTP... /whmcs/index.php /whmcs/knowledgebase.php ...and these scripts do not redirect from HTTPS to HTTP... /whmcs/domainchecker.php /whmcs/clientarea.php ...so we started using openssl to determine what's really going on: eric@eric-x1:~$ openssl s_client -connect domain.com:443 ... --- GET /whmcs/index.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 16 Apr 2014 23:54:30 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=e0a8l02gj4t14tnth97nljcit4; path=/; HttpOnly Location: http://www.domain.com/whmcs/index.php X-Powered-By: PleskLin MS-Author-Via: DAV GET /whmcs/knowledgebase.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 16 Apr 2014 23:55:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=2mo13cjhoshst68nqqcf8bcgu6; path=/; HttpOnly Location: http://www.domain.com/whmcs/knowledgebase.php X-Powered-By: PleskLin MS-Author-Via: DAV GET /whmcs/clientarea.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 200 OK Server: nginx Date: Wed, 16 Apr 2014 23:57:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=ha591al583jvjj6sdckfu35d60; path=/; HttpOnly X-Powered-By: PleskLin MS-Author-Via: DAV 1207 ...<HTML OUTPUT>... GET /whmcs/domainchecker.php HTTP/1.1 HOST:www.rocket-powered.com HTTP/1.1 200 OK Server: nginx Date: Thu, 17 Apr 2014 00:01:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=drd70dq09klifj4enmupkb6mb2; path=/; HttpOnly X-Powered-By: PleskLin MS-Author-Via: DAV 2ae6 ...<HTML OUTPUT>... ...so now we're wondering if some of these PHP scripts (e.g., index.php, knowledgebase.php) force a redirect to the unencrypted page or if there's some other mechanism at work. 0 Quote Link to comment Share on other sites More sharing options...
epretorious Posted April 18, 2014 Author Share Posted April 18, 2014 ...so now we're wondering if some of these PHP scripts (e.g., index.php, knowledgebase.php) force a redirect to the unencrypted page or if there's some other mechanism at work. Thoughts? Ideas? Anyone? 0 Quote Link to comment Share on other sites More sharing options...
DennisHermannsen Posted April 18, 2014 Share Posted April 18, 2014 We are forcing SSL on all pages, and we do not have any problems. How are you forcing SSL on the other pages? 0 Quote Link to comment Share on other sites More sharing options...
epretorious Posted April 25, 2014 Author Share Posted April 25, 2014 I think that you might have misunderstood the question, Dennis: ...we've been trying to understand why some pages are redirected to the unencrypted site (i.e., In some instances, vistors are redirected from https://www.domain.com to http://www.domain.com) and others are not. ...we discovered that some WHMCS pages are redirected from https://www.domain.com/whmcs/foo.php to http://www.domain.com/whmcs/foo.php) and others are not. e.g., These scripts redirect from HTTPS to HTTP... /whmcs/index.php /whmcs/knowledgebase.php ...and these scripts do not redirect from HTTPS to HTTP... /whmcs/domainchecker.php /whmcs/clientarea.php ... eric@eric-x1:~$ openssl s_client -connect domain.com:443 ... --- GET /whmcs/index.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 16 Apr 2014 23:54:30 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=e0a8l02gj4t14tnth97nljcit4; path=/; HttpOnly Location: http://www.domain.com/whmcs/index.php X-Powered-By: PleskLin MS-Author-Via: DAV GET /whmcs/knowledgebase.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 16 Apr 2014 23:55:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=2mo13cjhoshst68nqqcf8bcgu6; path=/; HttpOnly Location: http://www.domain.com/whmcs/knowledgebase.php X-Powered-By: PleskLin MS-Author-Via: DAV GET /whmcs/clientarea.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 200 OK Server: nginx Date: Wed, 16 Apr 2014 23:57:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=ha591al583jvjj6sdckfu35d60; path=/; HttpOnly X-Powered-By: PleskLin MS-Author-Via: DAV 1207 ...<HTML OUTPUT>... GET /whmcs/domainchecker.php HTTP/1.1 HOST:www.domain.com HTTP/1.1 200 OK Server: nginx Date: Thu, 17 Apr 2014 00:01:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: WHMCS1c2qbdetsdVY=drd70dq09klifj4enmupkb6mb2; path=/; HttpOnly X-Powered-By: PleskLin MS-Author-Via: DAV 2ae6 ...<HTML OUTPUT>... ...so now we're wondering if some of these PHP scripts (e.g., index.php, knowledgebase.php) force a redirect to the unencrypted page or if there's some other mechanism at work. Looking at the code (above) would indicate that these scripts redirect from HTTPS to HTTP... /whmcs/index.php /whmcs/knowledgebase.php ...and these scripts do not redirect from HTTPS to HTTP... /whmcs/domainchecker.php /whmcs/clientarea.php Is this the expected behavior of these scripts to force a redirect to the unencrypted page? Or is there's some other mechanism at work (e.g., mod_rewrite)? 0 Quote Link to comment Share on other sites More sharing options...
CCSupport Posted April 26, 2014 Share Posted April 26, 2014 I can confirm that even though we have a redirection setup for some reason the following pages get redirected BACK to http: index.php knowledgebase.php downloads.php announcements.php It is driving me CRAZY! I can hover over the knowledgebase link for instance and it shows https://.... however when clicked it redirects to http://.... - Only the stated pages do this. We use a Zomex Theme and within the theme you can even get it to do HTTP > HTTPS redirects and even that runs into the same issue. We use .htaccess code to complete the redirects....every site I have tried the redirects on works fine...apart from WHMCS. The code we use to redirect to www then to https://www. is: RewriteCond %{HTTPS} (on)? [NC] RewriteCond %{HTTP_HOST} ^(?!www\.)(.+)$ [NC] RewriteCond %{REQUEST_URI} (.+) RewriteRule .? http(?%1s)://www.%2%3 [R=301,L] As mentioned, works fine on other sites. 0 Quote Link to comment Share on other sites More sharing options...
SeanP Posted April 27, 2014 Share Posted April 27, 2014 Within your General Settings, if you have an HTTP URL for "WHMCS System URL" and an HTTPS URL for "WHMCS SSL System URL", it will switch back and forth. It basically determines what pages needs SSL (ordering pages, account modifying pages, etc.). For things like the knowledgebase, or the front page (index.html) you most likely wouldn't need SSL. However, if you want your entire site to be SSL, try this... Set the "WHMCS System URL" to your HTTPS URL. This will cause the "WHMCS SSL System URL" setting to blank itself. Leaving it this way (an HTTPS URL in "WHMCS System URL" and "WHMCS SSL System URL" blank), should cause the entire site to remain on your HTTPS URL. 1 Quote Link to comment Share on other sites More sharing options...
CCSupport Posted April 28, 2014 Share Posted April 28, 2014 Perfect! I have just done the above and after some initial testing all is looking well! You beauty! I will carry out further testing just to confirm it hasn't caused any issues but looks good Thanks! 0 Quote Link to comment Share on other sites More sharing options...
gotcha Posted November 9, 2014 Share Posted November 9, 2014 How to force using SSL only for Index.php? 0 Quote Link to comment Share on other sites More sharing options...
gotcha Posted November 9, 2014 Share Posted November 9, 2014 I want to flexibility using https or http with my written codes without forced back by WHMCS system? 0 Quote Link to comment Share on other sites More sharing options...
adroitssd Posted November 11, 2014 Share Posted November 11, 2014 I face the same error. 301 direct does not force that pages to redirect https. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.