Jump to content

Protect using SSL

RPS

By RPS
in Third Party Add-ons

 Share

Recommended Posts

  • Replies 176
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

wiszmaster Member

wiszmaster

Posted
Posted
I am planning to buy SSL certificate (cheap one) and try the code in this thread - I am wondering where I need to install SSL certificate before I can try following instructions for this secure folder which is whmcs.

 

You could install a self signed one for the time being to test, no?!

0
Link to comment
Share on other sites
  • 3 weeks later...
RPS Senior Member

RPS

Posted
  • Author
Posted
do not really get the problem with clients logging in while not under the protection of SSL.

- Some clients believe that when they enter confidential information into a page that does not have that secure lock on the browser, that their information is no secure.

0
Link to comment
Share on other sites
ES-Aizal Member

ES-Aizal

Posted
Posted (edited)

Anyone can give example htaccess for subdomain?

Let's say I have whmcs installed on https://my.server.com

 

Is there htaccess below correct? Assuming I put in in my /public_html/ folder and my.server.com is pointed to server.com/my/

 

Also, dl.php = downloads.php right?

 

 

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file

RewriteCond %{REQUEST_URI} !^/my/downloads.php [NC]

RewriteCond %{REQUEST_URI} ^/my/ [NC]

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://my.elevatedservers.net/$1 [R=301,L]

 

#Rewrite the URL for WHMCS dl area to always use http

RewriteCond %{REQUEST_URI} ^/my/downloads.php [NC]

RewriteCond %{SERVER_PORT} !^80$

RewriteRule ^(.*)$ http://my.elevatedservers.net/$1 [R=301,L]

Edited by ES-Aizal
0
Link to comment
Share on other sites
.amaZe Junior Member

.amaZe

Posted
Posted
Anyone can give example htaccess for subdomain?

Let's say I have whmcs installed on https://my.server.com

 

Is there htaccess below correct? Assuming I put in in my /public_html/ folder and my.server.com is pointed to server.com/my/

 

Also, dl.php = downloads.php right?

 

You have it wrong, it should be:

 

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/downloads.php [NC]
RewriteCond %{REQUEST_URI} ^/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://my.elevatedservers.net/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} ^/downloads.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://my.elevatedservers.net/$1 [R=301,L]

0
Link to comment
Share on other sites
juksells Member

juksells

Posted
Posted

Okay..

 

I want the exact same code. BUT, I want to force my entire site to use HTTPS instead of just forcing the WHMCS folder to use HTTPS. I still need the downloads to NOT use HTTPS because this causes errors, which is the whole point of this thread. I just want to force the whole site to use HTTPS, not just the WHMCS folder.

 

How can I change the code provided by the OP to do this?? :?

0
Link to comment
Share on other sites
  • 4 weeks later...
.amaZe Junior Member

.amaZe

Posted
Posted

How would I rewrite a sub-domain like this.

 

I changed the directory of my billing script, so I need everything to be re-directed to the new url.

 

For Example:

 

I want to redirect secure.nixism.com/blah/blah/etc to my.nixism.com/blah/blah/etc.

 

How would I do that?

0
Link to comment
Share on other sites
HostBizLng Senior Member

HostBizLng

Posted
Posted (edited)

Hello,

 

I've been reading this thread, very interesting topic, but when I went through my website, checked both admin and client areas, to my surprise everything (I mean everything) was accessed through secure https:// by default, without editing .htaccess file.

 

Probable reasons might be that:

 

1. In General settings I entered https:// URL of my website for all three fields - in 'the domain of my main website', in 'WHMCS system URL', and in 'WHMCS SSL system URL'.

 

2. WHMCS got aware about this topic being discussed and implemented https:// accessed throughout the system in V4 (WHMCS version that I am using at this moment.)

 

But now after reading this thread, I read about the problems that arise when using 'Downloads' with secure connection. What exact problems/errors that 'Downloads' causing with secure connection? Should I now try to force 'Downloads' to be accessed through http://?

 

Interesting.

 

Sincerely,

Serg

Edited by HostBizLng
0
Link to comment
Share on other sites
RPS Senior Member

RPS

Posted
  • Author
Posted
But now after reading this thread, I read about the problems that arise when using 'Downloads' with secure connection. What exact problems/errors that 'Downloads' causing with secure connection? Should I now try to force 'Downloads' to be accessed through http://?

- Due to the way the downloads are being sent through PHP, it doesn't work over SSL with mod_rewrite. The downloads I believe either end up corrupted, or it never starts. I forget which one it is. That's corrected though using the code in the first post.

0
Link to comment
Share on other sites
HostBizLng Senior Member

HostBizLng

Posted
Posted

Hello RPS,

 

So considering that I have no issues to access entire WHMCS folder through secure connection (as I noted in my previous post) without 'Rewrite the URL for WHMCS to always use https,' I assume I only need 'Rewrite the URL for WHMCS dl area to always use http' to force Downloads to be accessed through unsecured http connection? Am I right?

 

Sincerely,

Serg

0
Link to comment
Share on other sites
RPS Senior Member

RPS

Posted
  • Author
Posted
I assume I only need 'Rewrite the URL for WHMCS dl area to always use http' to force Downloads to be accessed through unsecured http connection? Am I right?

- Does it work right now? What happens when you try to download something in IE?

0
Link to comment
Share on other sites
HostBizLng Senior Member

HostBizLng

Posted
Posted

RPS,

 

I haven't tested Downloads yet, and would love to test and see for myself before I proceed with this fix. Because, as with example here, when most of the people in this thread had issues accessing some areas of WHMCS through secure connection, I tested my WHMCS installation (both admin and client areas) and didn't have any area of my WHMCS that was accessed without secure https.

 

I am in the middle of something right now, so can't allocate time to test Downloads at this moment, but I am very interested about details of issues that Downloads causing over secure connection.

 

Thank you for your quick response! I'll be back to this thread soon.

 

Sincerely,

Serg

0
Link to comment
Share on other sites
HostBizLng Senior Member

HostBizLng

Posted
Posted (edited)

RPS,

 

Literally every single page is accessed through secure https connection, both admin and client areas. But it wasn't so when I had V3 and when I installed SSL on subdomain, and used root domain for WHMCS license.

 

Now my site URL is subdomain with SSL installation, and that secure subdomain is redirected to my WHMCS system folder, making it my system folder URL, and it is my WHMCS SSL system URL. And that's what I meant in my initial reply to this thread.

 

Example: I used 'https://secure.mydomain.com' in every field of General Settings, making it my main domain name, WHMCS system URL, and ofcourse WHMCS SSL system URL. In my cPanel I simply redirected my root domain 'mydomain.com' to 'secure.mydomain.com'. That's it.

 

Sincerely,

Serg

Edited by HostBizLng
0
Link to comment
Share on other sites
RPS Senior Member

RPS

Posted
  • Author
Posted

Please confirm that:

 

1) Knowledgebase URL is forced to HTTPS - when you go to http://www.domain.com/knowledgebase.php it redirects you to https://www.domain.com/knowledgebase.php

2) Announcements URL is forced to HTTPS - when you go to http://www.domain.com/announcements.php it redirects you to https://www.domain.com/announcements.php

3) You have not edited any .htaccess settings at all, you're basically using a regular version of WHMCS.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept