/admin in https

That's part of the issue, but it'd be nice if *every* link
to /admin
(or /accounts) used https while non-authenticated links
still use
http.  That's a bit harder to do from Apache.


Scott

On 9/21/06, Linda Derezinski <lindainnovatesolutions.com>
wrote:
> Scott,
>
> I believe that the rails team has already done this for
you  
>
> In the the httpd.conf in your <VirtualHost *:443>
record add this
>
> RequestHeader set X_FORWARDED_PROTO "https"
>
> Then all of your url_for() will correctly render https
or http depending on
> the RequestHeader parameter
>
> I'm not a sys admin ... Nor do I play on on TV... This
is where I learned
> about this little gem.  (Also I should mention that we
are running apache 2/
> Mongrel Rails)
>
> http://
www.planetrubyonrails.org/show/feed/60
>
> -Linda Derezinski
>
>
>
> On 9/21/06 10:25 AM, "Scott Laird"
<scottsigkill.org> wrote:
>
> > On 9/21/06, Beber <bebermeleeweb.net> wrote:
> >> Trejkaz <trejkaztrypticon.org>
> >>
> >>> On Wednesday 20 September 2006 21:10,
Beber wrote:
> >>>> Hi,
> >>>>
> >>>> Is there a way to make the /admin into
https and everything else in http ?
> >>>
> >>> I do this on the Apache side using
redirects, but it isn't pretty.
> >>
> >> I tried that and with ProxyPass setting and it
only fails. Could you
> >> paste me your redirection ?
> >
> > Sooner or later I'd like to make this a config
option--if it's set,
> > then Typo generates all /admin URLs with https://.  That'd probably be
> > easier.  Feel free to submit a patch .
> >
> >
> > Scott
> > _______________________________________________
> > Typo-list mailing list
> > Typo-listrubyforge.org
> > http:
//rubyforge.org/mailman/listinfo/typo-list
>
>
>
_______________________________________________
Typo-list mailing list
Typo-listrubyforge.org
http:
//rubyforge.org/mailman/listinfo/typo-list

In my case we turned the entire site into https, so that
solved my problem.

(Did I mention that I'm not a sysadmin 
where is the flaw in this logic?
Add proxy pass for /admin /accounts in the *:80 record to
the https urls.
Add the X_FORWARDED_PROTO to the :443 record.

My thought is that if rails produces a /admin or /accounts
url with http
then the proxypasses will convert it to https.

Unless your point is that once in https there is no way to
return to http?
So you would end up putting proxypasses in https to point
/articles etc to
http.


-Linda



On 9/21/06 4:23 PM, "Scott Laird" <scottsigkill.org> wrote:

> That's part of the issue, but it'd be nice if *every*
link to /admin
> (or /accounts) used https while non-authenticated links
still use
> http.  That's a bit harder to do from Apache.
> 
> 
> Scott
> 
> On 9/21/06, Linda Derezinski <lindainnovatesolutions.com> wrote:
>> Scott,
>> 
>> I believe that the rails team has already done this
for you  
>> 
>> In the the httpd.conf in your <VirtualHost
*:443> record add this
>> 
>> RequestHeader set X_FORWARDED_PROTO
"https"
>> 
>> Then all of your url_for() will correctly render
https or http depending on
>> the RequestHeader parameter
>> 
>> I'm not a sys admin ... Nor do I play on on TV...
This is where I learned
>> about this little gem.  (Also I should mention that
we are running apache 2/
>> Mongrel Rails)
>> 
>> http://
www.planetrubyonrails.org/show/feed/60
>> 
>> -Linda Derezinski
>> 
>> 
>> 
>> On 9/21/06 10:25 AM, "Scott Laird"
<scottsigkill.org> wrote:
>> 
>>> On 9/21/06, Beber <bebermeleeweb.net> wrote:
>>>> Trejkaz <trejkaztrypticon.org>
>>>> 
>>>>> On Wednesday 20 September 2006 21:10,
Beber wrote:
>>>>>> Hi,
>>>>>> 
>>>>>> Is there a way to make the /admin
into https and everything else in http
>>>>>> ?
>>>>> 
>>>>> I do this on the Apache side using
redirects, but it isn't pretty.
>>>> 
>>>> I tried that and with ProxyPass setting and
it only fails. Could you
>>>> paste me your redirection ?
>>> 
>>> Sooner or later I'd like to make this a config
option--if it's set,
>>> then Typo generates all /admin URLs with https://.  That'd probably be
>>> easier.  Feel free to submit a patch .
>>> 
>>> 
>>> Scott
>>> _______________________________________________
>>> Typo-list mailing list
>>> Typo-listrubyforge.org
>>> http:
//rubyforge.org/mailman/listinfo/typo-list
>> 
>> 
>> 


_______________________________________________
Typo-list mailing list
Typo-listrubyforge.org
http:
//rubyforge.org/mailman/listinfo/typo-list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 22/09/2006, at 05:23 AM, Scott Laird wrote:

> That's part of the issue, but it'd be nice if *every*
link to /admin
> (or /accounts) used https while non-authenticated links
still use
> http.  That's a bit harder to do from Apache.

Part of the problem I had with this kind of trick from
Apache was  
that the admin interface still links to various resources  
(stylesheets, image files) which are outside the /admin URL
scheme.   
So I had to put in a whole set of extra rules to make those
ones not  
auto-redirect back to http:, otherwise browsers would give a
bunch of  
security warnings (displaying non-secure resource from
secure page,  
etc.)

TX

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFH2PpuMe8iwN+6nMRAjxGAJkBBF2+c6bpEVuHwreOf8f64OWu3wCe
NVRS
BhUODYxqS2YLtufJIM0IlO0=
=FbEW
-----END PGP SIGNATURE-----
_______________________________________________
Typo-list mailing list
Typo-listrubyforge.org
http:
//rubyforge.org/mailman/listinfo/typo-list