[pmwiki-users] V2 SSL Mode? (was Re: Unable to save...)

L. Bell labellz at earthlink.net
Thu Nov 16 11:58:49 CST 2006


Hello again.
Wrote earlier this week about not being able to save edited pages.

I had an Apache rewrite rule to map http -> https, trying to force  
Apache to SSL:
	RewriteEngine On
	RewriteCond %{SERVER_PORT} 80
	RewriteRule ^(.*)$ https://www.mydomain.org/$1 [R,L]

It worked great for read-only HTML and wiki pages.
But it prevented wiki from saving edited pages.
(Note: both wikilib.d and wiki.d dirs are set with permissions = 777)

When I delete the rewrite rule, wiki works - I can save edited pages.
And when it is present, I can not.

1) Why would this apache rule allow wiki reads, but not edits?  
(Academic Curiosity)


Here's what I need to achieve, and I don't really care how:
	User authentication
	Forced author names
	SSL always (performance is not a concern)
	If possible, no cookies.

Looks like in V1, one could do a forced SSL/URL redirect within PmWiki.
There was a V1 Cookbook recipe called "SwitchToSSLMode".  I think  
that recipe evolved from a thread on this list in April, 2004.
(Excerpts from two key emails and the V1 Recipe provided below, for  
reference.)

2) Why doesn't the SwitchToSSLMode recipe appear in the V2 cookbook?


I wanted to see what happened, so I tried the V1 recipe anyways.
Added the following lines to my local/config.php:
----------------------
18	$ScriptUrl = str_replace('http:','https:',$ScriptUrl,1);
19	$PubDirUrl = str_replace('http:','https:',$PubDirUrl,1);
20	
21	#  Redirect http: request to https: using PmWiki's
22	#  Redirect-to-page function.
23	#  Force to SSL mode.
24	if ($_SERVER['SERVER_PORT'] != 443) {
25	  if (!@$pagename) { header("Location: $ScriptUrl");
26	  } else { Redirect($pagename); }
27	}

----------------------
FIREWORKS!!
Got the following error messages when trying to load the Main page:

	Warning: Wrong parameter count for str_replace() in
	/pmwiki/local/config.php on line 18

	Warning: Wrong parameter count for str_replace() in
	/pmwiki/local/config.php on line 19

	Warning: Cannot modify header information -
	headers already sent by (output started at
	/pmwiki/local/config.php:18) in
	/pmwiki/local/config.php on line 25

	Warning: Cannot modify header information -
	headers already sent by (output started at
	/pmwiki/local/config.php:18) in
	/pmwiki/pmwiki.php on line 870


Which leads me to...
3) Can the SwitchToSSLMode recipe be modified to work in V2?   
(2.1.14, in particular.)  Or has it been deprecated in favor of some  
new method?  If so, what?

Thanks!

Liz


===========================================================
 From Cookbook-V1 / SwitchToSSLMode
(http://www.pmwiki.org/wiki/Cookbook-V1/SwitchToSSLMode)
===========================================================
...
By default, PmWiki will happily deliver pages via SSL (HTTPS). This  
recipe explains how to force PmWiki to switch to HTTPS (or to HTTP).  
Switching to SSL mode is done in two steps:

1) Set $ScriptUrl and $PubDirUrl to your secure path to PmWiki.
2) If a http: URL is requested, redirect to the https: URL.

You can specify secure paths for $ScriptUrl and $PubDirUrl in the  
ordinary manner.
    #  $ScriptUrl is your preferred URL for accessing wiki pages
    #  $PubDirUrl is the URL for the pub directory.
    $ScriptUrl = 'https://your/secure/path/to/pmwiki.php';
    $PubDirUrl = 'https://your/secure/path/to/pub';

Another way to set a secure path for $ScriptUrl and $PubDirUrl is to  
include the following lines, which change http: URLs to https: URLs.
    #  Automatically adjust $ScriptUrl to use HTTPS.
    $ScriptUrl = str_replace('http:','https:',$ScriptUrl,1);
    $PubDirUrl = str_replace('http:','https:',$PubDirUrl,1);

Once $ScriptUrl and $PubDirUrl are configured for SSL, you can  
redirect incoming http: requests to the equivalent https: URL with  
these lines:
    #  Redirect http: request to https: using PmWiki's
    #  Redirect-to-page function.
    #  Force to SSL mode.
    if ($_SERVER['SERVER_PORT'] != 443) {
      if (!@$pagename) { header("Location: $ScriptUrl");
      } else { Redirect($pagename); }
    }
...
===========================================================
End Cookbook-V1 / SwitchToSSLMode
===========================================================


===========================================================
 From pmwiki_users list archive:
===========================================================
On Mon, Apr 12, 2004 at 01:42:22PM -0700, H. Fox wrote:
 >
 > Patrick R. Michaud wrote:
 > >    # Force to SSL mode
 > >    $ScriptUrl = str_replace('http:','https:',$ScriptUrl,1);
 > >    $PubDirUrl = str_replace('http:','https:',$PubDirUrl,1);
 > >    if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl"); exit(); }
 >
 > That does look better.  How about using
 >
 > if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl.'/'.$pagename");
 > exit(); }
 >
 > for the last line?  I added ".'/'.$pagename" because otherwise if the
 > HTTP URL referred to a WikiPage the redirect went to the default
 > HomePage rather than the WikiPage-over-SSL.  Would using
 > ".'?pagename='.$pagename" instead be more compatible?  Both work, but
 > the first produces a cleaner-looking URL.

You can also do

   if (!@$_SERVER['HTTPS']) Redirect($pagename);

which takes advantage of PmWiki's Redirect-to-page function, and provides
redirects-via-HTML for servers that don't properly process the Location:
header.

 > (My original version tested for $_SERVER['SERVER_PORT'] rather than
 > $_SERVER['HTTPS'] because I saw the note about "environment variables
 > that in some cases may not be provided by the web server" on
 > SquirrelMail plugin page referenced in the earlier posting.  Either way
 > is effective on my server.)

I checked IIS and Apache and both supply the 'HTTPS' variable
in the environment, which is why I used it.   I need to read the
SquirrelMail reference, too (thanks).

 > >   $ScriptUrl = 'https://secure27.vosn.net/~pmichaud/wiki';
 > >
 >
 > You could use the same code "in reverse" to force HTTP instead of HTTPS,
 > but using SSL only for certain sensitive pages would mean having two
 > possible values for $ScriptUrl, one for HTTP pages and one for HTTPS
 > pages.  Could SSL-mode[on|off] somehow be made an attribute of a page or
 > WikiGroup?  (I don't need this right now.  Just wondering...)

It can certainly be done through per-page or per-group customization
files.  One could also create a $BrowseDirectives entry that does
something similar based on the markup contents of a wiki page
(I'll write it up if anyone needs it).

Pm


===========================================================
From: H. Fox <haganfox <at> users.sourceforge.net>
Subject: Re: Easily Hackable?
Newsgroups: gmane.comp.web.wiki.pmwiki.user
Date: 2004-04-12 21:37:19 GMT
 >>>   # Force to SSL mode
 >>>   $ScriptUrl = str_replace('http:','https:',$ScriptUrl,1);
 >>>   $PubDirUrl = str_replace('http:','https:',$PubDirUrl,1);
 >>>   if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl"); exit(); }
 >>
 >>That does look better.  How about using
 >>
 >>if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl.'/'.$pagename");
 >>exit(); }

This should have been:

if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl/$pagename");
exit(); }

 > You can also do
 >
 >   if (!@$_SERVER['HTTPS']) Redirect($pagename);
 >
 > which takes advantage of PmWiki's Redirect-to-page function, and provides
 > redirects-via-HTML for servers that don't properly process the Location:
 > header.

That works, too.  Maybe this is the best option then, unless there's a
drawback to using redirects-via-HTML.  IIRC HTML redirects can be
disabled in some browser.  Would some page contents come through if so?
   I tried

if (!@$_SERVER['HTTPS']) { Redirect($pagename); exit(); }

and it works, but maybe the exit(); is redundant.

Hagan
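
An added example, not part of the original message, the quoted recipe or PmWiki itself: one way to make the scheme rewrite and the HTTPS test discussed in this thread behave predictably, including for non-GET requests. The helper names and the wiki.example.org URL are assumptions; $ScriptUrl, $pagename, $_SERVER['HTTPS'] and $_SERVER['SERVER_PORT'] are the values the thread discusses.

```php
<?php
// Added example. Function names and sample requests are constructed.

// Rewrite only a leading "http:" scheme. str_replace()'s optional fourth
// argument (PHP 5+) is a by-reference output count, not a limit, so an
// anchored preg_replace() is used for "replace once at the start".
function to_https_url($url) {
    return preg_replace('/^http:/i', 'https:', $url, 1);
}

// True when the request arrived over SSL. HTTPS may be unset, empty or
// "off" depending on the server, so fall back to the port.
function is_https_request(array $server) {
    $flag = isset($server['HTTPS']) ? strtolower($server['HTTPS']) : '';
    if ($flag !== '' && $flag !== 'off') return true;
    return isset($server['SERVER_PORT']) && (int)$server['SERVER_PORT'] === 443;
}

// Returns null (serve the request), a string (redirect target) or false
// (reject). Non-GET requests over http: are rejected: the body has already
// crossed the network in cleartext, and a client may re-issue a redirected
// POST as a GET without its form data.
function https_action(array $server, $scriptUrl, $pagename) {
    if (is_https_request($server)) return null;
    $method = isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : 'GET';
    if ($method !== 'GET' && $method !== 'HEAD') return false;
    $target = to_https_url($scriptUrl);
    if ($pagename === '') return $target;
    // Encode each path segment so the value is safe inside a Location header.
    return $target . '/' . implode('/', array_map('rawurlencode', explode('/', $pagename)));
}

// Constructed sample requests: [server variables, page name].
$scriptUrl = 'http://wiki.example.org/pmwiki.php';
$samples = array(
    array(array('SERVER_PORT' => '80', 'REQUEST_METHOD' => 'GET'), 'Main.HomePage'),
    array(array('SERVER_PORT' => '80', 'REQUEST_METHOD' => 'POST'), 'Main.HomePage'),
    array(array('SERVER_PORT' => '80', 'HTTPS' => 'off', 'REQUEST_METHOD' => 'GET'), ''),
    array(array('SERVER_PORT' => '443', 'HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'), 'Main.HomePage'),
);
foreach ($samples as $s) {
    $action = https_action($s[0], $scriptUrl, $s[1]);
    // In a live config a string result would be sent with
    // header("Location: $action") followed by exit().
    echo $s[0]['REQUEST_METHOD'], ' port ', $s[0]['SERVER_PORT'], ' -> ',
         var_export($action, true), "\n";
}
```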



