Secure pages module

Drupal secure pages module
http://drupal.org/project/securepages 6.x-1.8 on 6.14
2009-10-03

Main function:
Make certain pages secure, specifying them as https.

Example function:
When you want to make the entry and view of personal information or purchase information secure.

Manage:
Enable/disable again in its own admin section.
Option: Switch back to http pages when there are no matches.
Enter the: Non-secure Base URL
Enter the: Secure Base URL
Specify which pages will be secure: All except listed/only listed
Specify ignored pages

Experience:
Secure pages module appears to work right out of the box.

When all of admin is secured, it is slow. So modified standard settings from:

node/add*
node/*/edit
user/*
admin*

Not sure if it makes sense to put the entire admin and nodes add/edit above in ssl.

changed to:

changed again to:
user/*
admin/user*
cart*
cart/*
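
An added example (not part of the original notes and not the module's own code) that checks which paths each pattern list above would switch to https. It assumes "only listed" mode and Drupal-style matching (`*` as wildcard, whole-path match, as in `drupal_match_path()`); the sample paths are constructed and the helper names are hypothetical.

```python
import re

# Pattern lists copied from the notes above ("only listed" mode assumed).
ORIGINAL = "node/add*\nnode/*/edit\nuser/*\nadmin*"
NARROWED = "user/*\nadmin/user*\ncart*\ncart/*"

# Constructed sample paths for a Drupal 6 site with Ubercart (illustrative only).
SAMPLE_PATHS = [
    "user", "user/login", "user/1/edit",
    "admin", "admin/settings/securepages", "admin/user/permissions",
    "node/add/page", "node/5/edit", "node/5",
    "cart", "cart/checkout",
]


def match_path(path, patterns):
    """True if `path` matches any newline-separated pattern as a whole.

    Assumed convention: '*' matches any run of characters and the pattern must
    cover the entire path. The '<front>' token is not handled here.
    """
    alternatives = [re.escape(p.strip()).replace(r"\*", ".*")
                    for p in patterns.splitlines() if p.strip()]
    if not alternatives:
        return False
    return re.fullmatch("(?:" + "|".join(alternatives) + ")", path) is not None


def scheme_for(path, patterns):
    """Scheme a path ends up on when only the listed patterns are secured."""
    return "https" if match_path(path, patterns) else "http"


def dropped(paths, before, after):
    """Paths forced to https under `before` that stay on http under `after`."""
    return [p for p in paths
            if match_path(p, before) and not match_path(p, after)]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:30} {scheme_for(p, ORIGINAL):6} {scheme_for(p, NARROWED)}")
    print("no longer https:", dropped(SAMPLE_PATHS, ORIGINAL, NARROWED))
```

Under these matching rules `user/*` does not cover the bare path `user`, and `cart*` already covers everything `cart/*` does.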

Multilingual conversion:

Note that I'm using domains (de.domain.com, nl.domain.com) for languages. These are *not* prefixes as defined in Site configuration > Languages > Configure. It's: Domain name only.

Security works on a per domain basis. This has implications for subdomains. It goes for SSL in general and also for the out of the box secure pages module.

Standard set up is:
a single (1) standard base location, like: http://www.mydomain.com
a single (1) secure base location, like: https://www.mydomain.com

Subdomains based security would need to be set additionally:

a single (1) standard German base location, like: http://de.mydomain.com
a single (1) secure German base location, like: https://de.mydomain.com

I'll try multilingual variables (re i18n) to see if that will do it.

Found all seven secure pages variables in the variable database table. Actually I only want to specify the paths, they are: securepages_basepath (for the normal/http path) and securepages_basepath_ssl (for the ssl/https path). I think this might work (re i18n).

It's time to feed the fish first.

I'm using only these two variables in order to avoid confused ssl settings among the languages. Inserted in settings.php multilingual variables: They work. Super.

The language switcher will not switch languages/domains while in ssl, but this should probably be intended behavior. Any user language switching will anyway be limited to the index page (if at all).

Übercart Problem:
When it is set for SSL, the ubercart checkout gets stuck in calculating shipping cost and order total. It works ok when not in SSL. Need to test if need to set other uc components to SSL in order to make this work.

But if I do that I lose my admin menu module - can't access other admin items. Need to disable that first... With all admin back in ssl the problem remains, stuck.

G*ogle Problem:
G is indexing https pages. I don't believe the entire site was ever SSL'd, except possibly during setup trial for a few minutes or so. And I initially thought it would not do that. But it has indexed one language page with https prefix. Very strange. It must be stopped from indexing any https. Need to look into this. WIP.

Background note:
A dedicated IP is mandatory for all SSL, in general. A security certificate is needed for all SSL. cPanel creation of certificate may appear to work, but might possibly be inactive (and will then require host support). Certificate site name must be exact (re: with/without www, or en, de, fr, nl subdomains), this is where the language domains issue comes in; I recall subdomain wildcard certificates as principally possible, but costly. At minimum the certificate can be self-signed (lots of browser warnings), that should be ok during site development phase.

Of course a good solution would be to switch from subdomain to prefix for all https pages, but that will require some code hacking... Don't know how to do it. Later.

Issue:
Secure admin makes the admin menu disappear. Discussed here with a patch: http://drupal.org/node/498754 091009

Comments

Thanks this helped me setup securepages.
