Redirection loop using https Topic is solved

[b0n3m4n]

Hey there!

I am in the process of securing my admin area with https. My webspace provider apparently uses a separate service for his https implementation, so assuming my original url is http://www.myurl.de, the https version would be https://ssl-account.com/myurl.de.

To redirect all traffic from http://www.myurl.de/admin to https://ssl-account.com/myurl.de/admin, I am using an .htaccess file in the admin folder with the following content like proposed on one of the cmsms help pages:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://ssl-account.com/myurl.de%{REQUEST_URI}

But what happens is that I get a "The page isn't redirecting properly" error in firefox indicating that an infinite redirection loop occurred. My assumption is that the rewriterule is trying to call https://ssl-account.com/myurl.de/admin/index.php which is then redirected by cmsms to http://www.myurl.de/admin/index.php which is then redirected by rewriterule and so on.

Can someone give me a hint what I need to change in cmsms to make this work?

Thanks a lot in advance!

b0n3m4n

[alby]

Can someone give me a hint what I need to change in cmsms to make this work?

Search in forum and documentation for admin in https

Alby

[b0n3m4n]

Thanks for the reply.

Actually I checked for that and tried the suggestion in http://forum.cmsmadesimple.org/index.ph ... l#msg49256
but when I made the changes suggested, the admin section was messed up and suddenly I could log in without password. So I was rather opting for a solution without having to make too many changes.

So what I was actually looking for is some explanation about the underlying mechanism at work here.

So far I understood that adding the RewriteRule to the admin directory's .htaccess will map any http://www.mysite.de/admin/[something] to https://www.ssl-account.com/mysite.de/admin/[something]. From there apparently a redirection happens to the original URL so the RewriteRule kicks in again.

My question would be where the second redirection could come from. Is there a mechanism in cmsms or could my provider be at fault with its www.ssl-account.com domain?

What I could do is drop the RewriteRule and just set www.ssl-account.com/mysite.de as root directory but that would force my visitors to use ssl for viewing the site (additional certificate popup) and it would uglify the url, so I would prefer the ssl to work only in the admin section.

Any information?
Thanks in advance.

b0n3m4n

Edit: By the way, I used the RewriteRule code from the Howto File at
http://wiki.cmsmadesimple.org/index.php ... mall_Guide

So if this turns out to be a general problem, it might be a good idea to mention a solution in the guide.

[b0n3m4n]

[bump]

I'm still having that problem. Since there are different suggestions in different threads throughout the past few years I am a bit confused as to which solution is supposed to work for which cmsms version.

I wasn't really able to spot any suggestion that works for my case:

website without ssl
admin with ssl only
ssl-server is not https://www.mysite.de but https://www.ssl-account.com/mysite.de

Any hints?