CakePHP force SSL Question

Posted: Sat Jan 31, 2015 12:53 pm
by david_allen
Hey all,

I recently had a developer build a website for me, and he did it in the CakePHP framework. Everything works well, but because I process payments on this website I need to force an SSL connection. I have a PCI Compliant server, I have the certificate installed, all good to go. Problem is, I am struggling to force the SSL connection.

Usually I would do that through the .htaccess file, but I am completely unfamiliar with CakePHP and how it routes its page requests. Hopefully someone here can help me out. The .htaccess file in the sub-directory that holds this website looks like this currently.

Code:

<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule    ^$ app/webroot/    [L]
   RewriteRule    (.*) app/webroot/$1 [L]
</IfModule>

Any help would be appreciated!

Re: CakePHP force SSL Question

Posted: Sat Jan 31, 2015 1:41 pm
by Celauran
If you have control over the vhost settings, do it there instead. Otherwise you can edit the .htaccess file in the webroot. Where exactly that's located depends on the version of Cake.

Code:

RewriteCond %{HTTPS} != on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L]

Re: CakePHP force SSL Question

Posted: Sat Jan 31, 2015 2:44 pm
by david_allen
Here is the .htaccess file in /webroot/

Code:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Inserting the HTTPS RewriteCond is easy enough, but how do I edit this rule?

Code:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{HTTPS} != on
    RewriteRule ^ index.php [L]
</IfModule>

Re: CakePHP force SSL Question

Posted: Sat Jan 31, 2015 3:01 pm
by Celauran
You don't. It's a separate rule.

Code:

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTPS} != on
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Re: CakePHP force SSL Question

Posted: Sat Jan 31, 2015 3:09 pm
by david_allen
I get an internal server error with that one.

Re: CakePHP force SSL Question

Posted: Sat Jan 31, 2015 5:03 pm
by david_allen
Was able to make it work with:

Code:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.url.org/dir/$1 [R,L]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

It loaded the pages with https:// but then I had an issue using my login script. I kept receiving an error that the username and password couldn't be found. I did some digging and found the easy fix by changing the core.php file in /Config/

Code:

define("BASE_URL",'http://url.org/dir/');

to

Code:

define("BASE_URL",'https://url.org/dir/');

Thanks for the help!
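
The HTTPS redirect from this thread with its RewriteCond corrected, shown as an added example that is not part of any poster's reply. It assumes the CakePHP 2.x layout discussed above (the file is app/webroot/.htaccess) and that mod_rewrite is enabled.

```apache
# Added example for app/webroot/.htaccess (CakePHP 2.x layout assumed).
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Form that produced the Internal Server Error in the thread: the space
    # after "!=" splits the condition into three arguments, so mod_rewrite
    # reads "on" as the flags field. Flags must be bracketed, the file fails
    # to parse, and requests under this directory return 500.
    #   RewriteCond %{HTTPS} != on

    # Corrected: "!=on" is a single CondPattern, a negated string comparison
    # that is true whenever the request did not arrive over TLS.
    RewriteCond %{HTTPS} !=on

    # R=301 makes the external redirect explicit and permanent; L stops
    # processing so the front-controller rule below only handles requests
    # that are already on HTTPS.
    # %{HTTP_HOST} echoes the request's Host header. Hard-coding the
    # canonical hostname, as the working rule in the thread does, avoids
    # depending on that header.
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # CakePHP front controller, unchanged from the original file.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
```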