Changes between Version 7 and Version 8 of PermRedirectPlugin


Ignore:
Timestamp:
Nov 20, 2012 4:01:06 PM (2 years ago)
Author:
ejucovy
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • PermRedirectPlugin

    v7 v8  
    4242The plugin provides a feature to ensure that all requests to the login page occur over HTTPS, which can be enabled per the "usage" section above.  This will intercept all requests to http://hostname.com/login and redirect them to https://hostname.com/login instead.  In order for this feature to work, you must configure your web server to accept HTTPS requests on port 443.  This feature will only work if your web server is serving HTTP requests on port 80 and HTTPS requests on port 443; no other configurations are currently supported.  Also, '''this feature should only be enabled if you are using AccountManager to handle login.'''  If your site's login occurs in the web server (e.g. Apache authentication) then this feature will not be able to secure your login handler. 
    4343 
    44 It is also possible to implement a similar feature without this plugin at all, using RewriteRules in your Apache configuration.  This alternative approach must be used if you are handling login through the Apache web server.  Your Apache configuration would include lines like: 
     44It is also possible to implement a similar feature without this plugin at all, using `RewriteRules` in your Apache configuration.  This alternative approach must be used if you are handling login through the Apache web server.  Your Apache configuration would include lines like: 
    4545{{{ 
    4646# Redirect all login pages to https 
     
    4848RewriteRule ^/([^/]+)/login$ https://%{HTTP_HOST}:443/$1/login [L, NE] 
    4949}}} 
     50 
     51(Note the `[NE]` (no-escape) flag -- this is important!  See "Frequently Asked Questions" below.) 
    5052 
    5153For more details, see the various example configurations posted in comments at http://trac.edgewall.org/ticket/4733