Recent Topics

1 Dec 06, 2018 05:25    

To start and get this out of the way: I have SSL working on the front-end of my site. I did notice I had to select "Always use https" since otherwise even if a user explicitly used http:// the browser would give an icon showing that some parts of the page were not secure. This seems to be a bug, if you ask me: if a user requests https://, then b2evolution should serve out all page components with https://, respecting the user's request.

Choosing "Always use https" fixed this.

However, my main issue is: how do I get https:// forced for the back-end dashboard pages? Even if I explicitly ask for https:// then I get that same notice I mention above, but in this case I can find no "Always use https" that applies to the back-end.

What do you see?


The web browser reporting that not all parts of the page is secure when "Allow both http and https as valid URLs" is selected in the config and then the user explicitly uses https://. And the same behavior on the dashboard/admin pages when https:// is used, since there appears no option in settings to force https:// for the admin pages. (mentioned originally above)

Provide a complete screenshot of the problem (with minimal cropping ans showing the URL in the address bar). If possible, annotate the screenshot with arrows.


SSL question

If there is an error message, make sure to copy/paste the complete message, not just a little part.


No error message (except the warning from the browser, see attachment)

What did you expect?


    []When "Allow both http and https as valid URLs" is set in the config, and a user explicitly requests https://, then all parts of the page should honor this (mentioned originally above) []Same as #1 for the admin pages, or an option in the admin pages to "Always use https" the same way you can for the front-end (mentioned originally above)

What have you already tried?


    []Setting "Allow both http and https as valid URLs" and then explicitly requesting https://. (mentioned originally above) []Searching settings for an option to "Always use https" for the back-end admin pages (mentioned originally above)

URL of the affected site/page. If we can see it/test it, we can advise much faster.


I don't believe it is special/unique to my blog, and I didn't want to advertise my blog. If you don't see this behavior yourselves, let me know.

Exact b2evolution version number.


6.10.4-stable

Name of your webhost. Many of them have specific configurations that may require specific actions.


MDD Hosting

2 Dec 08, 2018 00:12

We're happy to provide Free support but we're not happy to waste time hunting down the bare minimum info we need.
Please go back to edit your post, read the instructions and properly provide all needed info for us to be able to help efficiently.

3 Dec 08, 2018 08:02

Additional information added to first post as requested

4 Dec 08, 2018 23:21

Thanks for the extra info.

even if a user explicitly used http:// the browser would give an icon showing that some parts of the page were not secure. This seems to be a bug, if you ask me: if a user requests https://, then b2evolution should serve out all page components with https://, respecting the user's request.

This is incoherent. Based on your screenshot, I assume you mean if a user explicitly used https:// with an s ?

Please open the DOM inspector of your browser and look at the error log. What are the URLs that are not secure?

If you're going to allow both http and https you need to configure all relative URLs here: https://b2evolution.net/man/assets-url-cdn-settings

However, my main issue is: how do I get https:// forced for the back-end dashboard pages?

You have to change the baseurl in your base config file.

5 Jan 14, 2019 03:06

if your provider accept, you can force SSL with .htaccess

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Form is loading...