https for all pages?

[echoleaf]

Is it possible to make WHMCS use https all the time instead of just the ordering/cart pages? Client logins should be secure too since their accounts have personal information. Thanks!

[chickendippers]

All the pages are secure, the Knowledgebase being the exception IIRC.

[echoleaf]

Thanks. Shouldn't the url be https then? I guess it's not a big deal as the shopping cart is the place where people really need to see the padlock.

[chickendippers]

They are https....at least on my installation.

[echoleaf]

Mine were all https a couple of days ago, but they seem to have switched to https for only the cart. How did you do it?

 

Maybe I messed up the settings - in the config's system url/ssl system url fields I've tried:

1) regular url, ssl url

2) ssl url, empty

3) empty, ssl url

4) ssl url, ssl url

 

I didn't change anything from when everything was ssl urls the other day, so I'm a bit puzzled. Thanks!

[chickendippers]

We've got option number 1.

[azrahn]

Hi,

 

We've got option number 2

works ok for us. All pages are https.

[uberhost]

It would suck if everyone on the web made unnecessary pages secure.

[echoleaf]

Login pages should have https, and clients can login on every single page. What do you consider unnecessary?

 

It would suck if everyone on the web made unnecessary pages secure.

[Matt]

With the WHMCS built in SSL switcher, all pages that contain clients data use SSL - that includes the client area, login pages, support tickets, order form, etc... The only pages that won't use SSL are the announcements, downloads, knowledgebase, domain checker & server status.

 

Matt

[uberhost]

Login pages should have https, and clients can login on every single page. What do you consider unnecessary?

 

Well, if you've modded your WHMCS then that's your choice. In a standard installation, every page does not have a login.

[JLHC]

Well, if you've modded your WHMCS then that's your choice. In a standard installation, every page does not have a login.

Are you sure? Have you forgotten about the side-bar login in the portal template?

[echoleaf]

Exactly - I haven't 'modded' anything. I just like the portal template.

 

@Matt: If a login page is http, is the login information secure at all? Is there some sort of magic switch to ssl once a login begins? Also, how does WHMCS know which pages should be secure and which shouldn't?

[JLHC]

Maybe I messed up the settings - in the config's system url/ssl system url fields I've tried:

1) regular url, ssl url

2) ssl url, empty

3) empty, ssl url

4) ssl url, ssl url

Where can I find this file?

[Summy]

It would suck if everyone on the web made unnecessary pages secure.

 

Why? Just curious as to your opinion.

[azrahn]

Where can I find this file?

 

Configuration > General Settings > General

[uberhost]

Why? Just curious as to your opinion.

 

If all pages on the web were SSL, the internet would be much slower than it is now.

[JLHC]

Configuration > General Settings > General

Yeah tried that but still showing http.

[Summy]

If all pages on the web were SSL, the internet would be much slower than it is now.

 

Right, but it's not a bad idea for an e-commerce web site.

[sparky]

You can force SSL/https with .htaccess using

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} somefolder 
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

The .htaccess file should be placed in the folder where you need to force HTTPS.

[echoleaf]

Thanks Steve - that was most helpful!

 

FYI, for anyone else trying it: I had to remove the ssl entry in 'Configuration > General Settings > General,' otherwise there was an error indicating a loop.