Yii2 https URLs do not work - https

I try to run my local copy of my yii2 site with https.
I use this in config to force http url to https
'on beforeRequest' => function ($event) {
if(!Yii::$app->request->isSecureConnection){
$url = Yii::$app->request->getAbsoluteUrl();
$url = str_replace('http:', 'https:', $url);
Yii::$app->getResponse()->redirect($url);
Yii::$app->end();
}
},
The only url I can reach is the home page i.e. a bare url such as
example.ext
Other URLs give
Not Found The requested URL /site/index was not found on this server.
When removing the 'onbeforerequest' in the config, I can reach every http URL.
Question: why https URLs become unreachable?

Eventually I made out that there was no url rewrite for pretty url in the virtualhost litening to 443 port.
Adding the recommended rewrite rule in it solved the problem.
#stfsngue: Thank you for comment
Do you see any particular reason for preferring .htacces to 'onbeforeRequest' to force https?

Related

Laravel: how to generate https url

I'm using Laravel 5.4 and have a question.
Is it possible to generate an https URL of the specific URL? I have a URL, e.g: login, and want to open it in https, not HTTP.
how can I force Laravel to open url('login') in https mode?
There is helper function secure_url(). The secure_url function generates a fully qualified HTTPS URL to the given path for e.g
$url = secure_url('user/profile');
If you want only some links in https, you can try this (force a group of routes to https):
Route::group(['scheme' => 'https'], function () {
// Route::get(...)->name(...);
});
Similar to this question: How to force Laravel Project to use HTTPS for all routes?

Nginx https redirects - stop further rules processing

I'm trying to configure http and https redirects from an old site to a new one.
According to the rewrite directive docs:
If the replacement string begins with http:// then the client will
be redirected, and any further rewrite directives are terminated.
And I'm trying to achieve the same with https to no avail.
This is my server config:
listen 80;
listen 443 ssl;
server_name mydomain.com
rewrite ^/path/resource(.*)$ $scheme://newdomain.com/newpath/resource$1 permanent;
...
return 301 http://newdomain.com/newpath/;
Using http I get what I'm looking for: if I access mydomain.com/path/resource I'm redirected to newdomain.com/newpath/resource.
However, the same with https redirects me to http://newdomain.com/newpath/.
I have rewrite_log on and in both cases the rewrite rule is matched but the https protocol does not stop further rules processing.
I have the feeling that either I'm missing something really obvious or I'm not approaching this problem properly. I wouldn't mind doing this in any different way at all if it works.
Have any of you out there any idea on how to achieve the http redirect with https too?
I usually like to use return instead of rewrite for redirects, try matching the path with a location block
location ~ /path/resource(.*) {
return 301 $scheme://newdomain.com/newpath/resource$1;
}
I think this way you know for sure there will be no further processing, because it's only 1 line, try it and tell me how it goes.
PS: This will maintain the $scheme of the request, requests to http:// will be redirected to a http:// and https:// will be redirected to https://

Https (SSL) in Codeigniter not working properly

I have a CI site with several form using jquery .click function, when I was in http its worked well, when I change to https all the form click button cannot be fire, its happen in localhost and in web host as well, is that anything need to config to run CI in https?
please advise and thanks!
Solved:
I just remove the url from $config['base_url'], and now the issue is solved, but I wonder how come when running https couldn't set value on $config['base_url']? hope someone would clear my doubt.
Thanks guy for taking time to view my question.
Set your base_url protocol independent:
$config['base_domain'] = 'yourdomain.com'; // a new config item if you need to get your domain name
if (isset($_SERVER['HTTP_HOST']))
{
$protocol = ($_SERVER['SERVER_PORT'] == 443 ? 'https://' : 'http://');
$config['base_url'] = $protocol.$_SERVER['HTTP_HOST'];
$config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
}
else
{
$config['base_url'] = '';
}
I am guessing your ajax request fails because you are trying to access no-secure content from a secure site.
I had a similar issue. I simply changed the base URL from HTTP to HTTPS in the config file and it worked well for both protocols.
# Base URL in codeigniter with HTTP
$config['base_url'] = 'http://mysite.abc/';
# Base URL in codeigniter with HTTPS
$config['base_url'] = 'https://mysite.abc/';
Remember, when you change HTTP to HTTPS, the site should work well for both protocols but it doesn't work the other way around.

rewrite url to url:port number

how can I rewrite the next url request:
http://mydomain.com/virtualDirectory/default.aspx?param1=2&param2=car
to:
http://mydomain.com:8888/virtualDirectory/default.aspx?param1=2&param2=car
Best regards.
You should install the URL Rewrite and the ARR (Application Request Routing) modules for IIS. Here are two links on how these can work together to create a reverse proxy to do what you want:
Reverse Proxy with URL Rewrite v2 and Application Request
Routing
Setting up a Reverse Proxy using IIS, URL Rewrite and
ARR

Kohana sessions with Https

I have a a main controller that checks if session security is set and If not it will redirect to secure controller.
The problem is the secure controller is through https, it checks password and sets the session and redirects to main controller. I cant access the session set through https in http.
How do I use https and redirect to normal http then? I need the sessions in http and https
Anyideas?
EDIT
OK, I checked around and it is not realy possible without keeping things secure.
One option is to have the session sent over GET but its obviously insecure, So what if after checking login I redirect them to a https form that posts the session to a normal http page, at the html page i check the headers and make sure it came from my https page.
Does that sound secure to you??
Make your entire app HTTPS. Attached is the block I use for almost all my sites, redirecting everything on 80 to 443.
##
# Sample config for a site needing SSL
#
$HTTP["host"] =~ "^ssl_example.localhost(:[0-9]+)?$" {
# Serve everything over HTTPS
$SERVER["socket"] == ":80" {
url.redirect-code = 301
url.redirect = ( "/(.*)" => "https://ssl_example.localhost:%1/$1" )
}
# This would be a great place to test SSL config for QA/Dev zones...
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = rootdir + "/etc/ssl/example.pem"
server.document-root = "/home/crosslight/ssl_example/default"
accesslog.filename = rootdir + "/var/log/ssl_example.log"
server.errorlog = rootdir + "/var/log/ssl_example.error.log"
server.tag = "Crosslight (lighttpd-1.4.28 + php-5.3.3) / SSL"
// CodeIgniter/Kohana rewrite rules
url.rewrite-once = (
"^/index\.php" => "/index.php", #truncate index.php?params to just index.php
#### Serve static content
"^/(static.*)" => "/$1",
"^/(blog.*)" => "/$1",
"^/(.*)$" => "/index.php/$1"
)
}
}
Why not make your whole page part of the secure site (https)? I don't see a way to do the http => https conversion without passing the GET key between sites.
I don't think it's such a huge security concern if your logic is to take the session id (only the key) from a cookie on the http side of the house and make it a cookie (manually) on the https side of the house. You can then perform your normal session handling validation to see if it is a valid session. Isolates your logic from abuse as much as possible.
In the backend, you can share the session information between the sites or you can trigger a copy from the http to https based on the session id retrieved. Depends on your architecture.

Resources