Secure pages module
drupal secure pages module
http://drupal.org/project/securepages 6.x-1.8 on 6.14
Make certain pages secure, specifying them as https.
When you want to make the entry and view of personal information or purchase information secure.
Enable/disable again in its own admin section.
Option: Switch back to http pages when there are no matches.
Enter the: Non-secure Base URL
Enter the: Secure Base URL
Specify which pages will be secure: All except listed/only listed
Specify ignored pages
Secure pages module appears to work right out of the box.
When all of admin is secured, it is slow. So modified standard settings from:
Not sure if it makes sense to put the entire admin and nodes add/edit above in ssl.
changed again to:
Note that I'm using domains (de.domain.com, nl.domain.com) for languages. These are *not* prefixes as defined in Site configuration > Languages > Configure. It's: Domain name only.
Security works on a per domain basis. This has implications for subdomains. It goes for SSL in general and also for the out of the box secure pages module.
Subdomains based security would need to be set additionally:
I'll try multilingual variables (re i18n) to see if that will do it.
Found all seven secure pages variables in the variable database table. Actually I only want to specify the paths, they are: securepages_basepath (for the normal/http path) and securepages_basepath_ssl (for the ssl/https path). I think this might work (re i18n).
It's time to feed the fish first.
I'm using only these two variables in order to avoid confused ssl settings among the languages. Inserted in settings.php multilingual variables: They work. Super.
The language switcher will not switch languages/domains while in ssl, but this is should probably be intended bahavior. Any user language switching will anyway be limited to the index page (if at all).
When it is set for SSL, the ubercart checkout gets stuck in calculating shipping cost and order total. It works ok when not in SSL. Need to test if need to set other uc components to SSL in order to make this work.
But if i do that i lose my admin menu module - can't access other admin items. Need to disable that first... With all admin back in ssl the problem remains, stuck.
G is indexing https pages. I don't believe the entire site was ever in SSL'd, except possibly during setup trial for a few minutes or so. And I initially thought it would not do that. But it has indexed one language page with https prefix. Very strange. It must be stopped from indexing any https. Need to look into this. WIP.
A dedicated IP is mandatory for all SSL, in general. A security certificate is needed for all SSL. Cpanel creation of certificate may appear to work, but might possibly be inactive (and will then require host support). Certificate site name must be exact (re: with/without www, or en, de, fr, nl subdomains), this is where the language domains issue comes in; I recall subdomain wildcard certificates as principally possible, but costly. At minimum the certificate can be self-signed (lots of browser warnings), that should be ok during site development phase.
Of course a good solution would be to switch from subdomain to prefix for all https pages, but that will require some code hacking... Don't know how to do it. Later.