CakePHP force SSL Question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
david_allen
Forum Newbie
Posts: 4
Joined: Sat Jan 31, 2015 12:46 pm

CakePHP force SSL Question

Post by david_allen »

Hey all,

I recently had a developer build a website for me, and he did it in the CakePHP framework. Everything works well, but because I process payments on this website I need to force an SSL connection. I have a PCI Compliant server, I have the certificate installed, all good to go. Problem is, I am struggling to force the SSL connection.

Usually I would do that through the .httpaccess file, but I am completely unfamiliar with CakePHP and how it routes its page requests. Hopefully someone here can help me out. The .httpaccess file in the sub-directory that holds this website looks like this currently.

Code: Select all

<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule    ^$ app/webroot/    [L]
   RewriteRule    (.*) app/webroot/$1 [L]
</IfModule>
Any help would be appreciated!
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: CakePHP force SSL Question

Post by Celauran »

If you have control over the vhost settings, do it there instead. Otherwise you can edit the .htaccess file in the webroot. Where exactly that's located depends on the version of Cake.

Code: Select all

RewriteCond %{HTTPS} != on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L]
david_allen
Forum Newbie
Posts: 4
Joined: Sat Jan 31, 2015 12:46 pm

Re: CakePHP force SSL Question

Post by david_allen »

Here is the .htaccess file in /webroot/

Code: Select all

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
Inserting the HTTPS RewriteCond is easy enough, but how to I edit this rule?

Code: Select all

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{HTTPS} != on
    RewriteRule ^ index.php [L]
</IfModule>
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: CakePHP force SSL Question

Post by Celauran »

You don't. It's a separate rule.

Code: Select all

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTPS} != on
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
david_allen
Forum Newbie
Posts: 4
Joined: Sat Jan 31, 2015 12:46 pm

Re: CakePHP force SSL Question

Post by david_allen »

I get an internal server error with that one.
david_allen
Forum Newbie
Posts: 4
Joined: Sat Jan 31, 2015 12:46 pm

Re: CakePHP force SSL Question

Post by david_allen »

Was able to make it work with:

Code: Select all

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.url.org/dir/$1 [R,L]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
It loaded the pages with https:// but then I had an issue using my login script. I kept receiving an error that the username and password couldn't be found. I did some digging and found the easy fix by changing the core.php file in /Config/

Code: Select all

define("BASE_URL",'http://url.org/dir/');
to

Code: Select all

define("BASE_URL",'https://url.org/dir/');
Thanks for the help!
Post Reply