Protect using SSL

[RPS]

It works fine without the .htaccess

- Oh ok.. I thought it wasn't working. Glad it works fine now

[vinbase]

If I've my main site only as: https://whmcs.site.com and no SSL URL. It doesn't make any effect when someone types: http://whmcs.site.com, he will never be forced to use SSL.

Am I right ?

[RPS]

This thread is for protecting your pages via SSL. The code in the first post will force most pages to be SSL.

 

Is the script not working for you? Did you follow all of the steps?

[vinbase]

Works perfect. Thank You

[MikeDVB]

Works great, thank you very much.

 

This has resolved some issues I was worried about (such as the WHMCS Back end and SSL)

[Lethanialist]

Worked well, glad to see this (I'm not htaccess-literate and wouldn't have known how to do this) as it greatly improves security.

[WHC - Travis]

I'll have to try it out. Thank you so much for sharing this!

[tmhost]

The only issue i have with this is when i put the .htaccess in my cron jobs stop working, as soon as the code is put into the .htaccess for redirect the cron jobs are gone. Is there something i can put in to prevent this happening?.

[RPS]

The only issue i have with this is when i put the .htaccess in my cron jobs stop working, as soon as the code is put into the .htaccess for redirect the cron jobs are gone. Is there something i can put in to prevent this happening?.

- Try this untested code instead:

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

 

Btw, do you have an SSL cert currently installed?

[tglander]

Hi, this was a great tip. I used it and it works great. My .htaccess file was blank. I downloaded it to my desktop, added the code, named the file ht.txt, uploaded it to my server, then renamed the file .htaccess. Made the mods in the config area, and it works great.

 

Thanks for the post. Things are getting better all the time.

[tmhost]

- Try this untested code instead:

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

 

Btw, do you have an SSL cert currently installed?

 

 

Yes i have a ssl cert installed and active.

[tmhost]

When i put a .htaccess file into my public_html i get a Internal Server Error 500 error in WHMCS

[RPS]

Add each line in steps and see where the problem lies...

 

Start with this:

 

RewriteEngine on

 

Then

 

RewriteEngine on
Options +FollowSymlinks

 

Then

 

Then RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

[tmhost]

I get the error as soon as i create the .htaccess file

[tmhost]

I fixed it. Thanx for your help the mod worked.

[RPS]

Care to post the fix so the next person with the htaccess problem knows what to do?

[Martin]

Can someone guide me how to use this on a sub-domain?

 

So that I can use it on http:// sub.domain.com

 

Regards,

Martin

 

[quote=RPS;57608

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} !^/whmcs/admin/cron.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

 

[vividhostingcom]

Can someone guide me how to use this on a sub-domain?

 

So that I can use it on http:// sub.domain.com

 

Regards,

Martin

 

I second this, this code doesn't work if your using a subdomain.....and if your trying to protect it using ssl for the admin either. Any help would be greatly appreciated......

[Martin]

Is there non who can tell me (and others) how this can be done with a sub domain:?

[stirton]

Assuming you therefore have your WHMCS in the 'root' of the sub-domain, I would guess that slight mod to the above should work ...

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://subdomain.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} ^/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://subdomain.domain.com/$1 [R=301,L]

[Martin]

Stirton,

 

Thanks for the explanation, will trying it later and let know the outcome here.

 

Regards,

Martin

 

Assuming you therefore have your WHMCS in the 'root' of the sub-domain, I would guess that slight mod to the above should work ...

[Martin]

Stirton,

 

I have tested it and this code works like a charm when you put it in the htaccess file.

 

Thanks again.

 

Martin

 

Assuming you therefore have your WHMCS in the 'root' of the sub-domain, I would guess that slight mod to the above should work ...

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://subdomain.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} ^/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://subdomain.domain.com/$1 [R=301,L]

[honkie2015]

it works great. Thanks

[dordal]

I think you can actually simplify it down to about four lines (this is for the subdomain case):

 

RewriteEngine on 

# Redirect WHMCS to secure server
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]

 

And as detailed in the first post, set your WHMCS SSL System URL to blank, with an https:// entry in the 'standard' system URL setting.

 

This works (including dl.php) in IE7, FireFox and Safari. I don't have IE6 to try anymore.

[benblee]

I think you can actually simplify it down to about four lines (this is for the subdomain case):

 

RewriteEngine on 

# Redirect WHMCS to secure server
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]

 

And as detailed in the first post, set your WHMCS SSL System URL to blank, with an https:// entry in the 'standard' system URL setting.

 

This works (including dl.php) in IE7, FireFox and Safari. I don't have IE6 to try anymore.

 

This slims it down, but does it avoid the downloads section problem as mentioned in the very first post. I know most web people don't use IE, but most stats say that over 70% of we browser use is IE...so, I guess I have to cater to it for now:?