RT Login Page with SSL

Pals

How can I use SSL only on the login page? I mean, I want my whole RT in
http but the login/password page in https

Best Regards for all!

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com


Use some kind of mod_rewrite rules in your Apache configuration to
force redirection to https for the root path.

But after the login, the page will return to http?

Regards



The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

But after the login, the page will return to http?

humm, no because it’s the same url :(

you can also modify the login page to do the POST using https, but that
doesn’t solve this.

sure it’s possible, but that will need more modifications I think and I
don’t have yet enough time to find which :/

or … use full https for your RT ;)

I have found this, but I’m not sure how to apply it in my 3.8.2 installation…

rt-3.4.4-ForceHTTPSLogin.patch

Warning: this patch is under devel, barely tested!!!

- Redirect to https when credentials are not found;

- Redirect to http when credentials are found;

- Changed cookiename removing SERVER_PORT.

diff -uNr rt-3.4.4.orig/html/autohandler rt-3.4.4/html/autohandler
— rt-3.4.4.orig/html/autohandler 2005-02-01 14:20:40.000000000 +0000
+++ rt-3.4.4/html/autohandler 2006-01-06 03:51:29.000000000 +0000
@@ -72,6 +72,11 @@

$m->comp(‘/Elements/SetupSessionCookie’, %ARGS);

+# check credentials and HTTPS, if so redirect to HTTP
+if ($session{‘CurrentUser’} && $session{‘CurrentUser’}->Id && $ENV{‘HTTPS’}) {

  • $m->redirect(‘http://’.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
    +}
    unless ($session{‘CurrentUser’} && $session{‘CurrentUser’}->Id) {
    $session{‘CurrentUser’} = RT::CurrentUser->new();
    }
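
Review bot: The added redirect at the top of this hunk sends every authenticated HTTPS request back to http://, so after login the session cookie travels unencrypted on each request and only the password itself was protected. It also rules out running the site fully over HTTPS, because any request with a valid session and $ENV{'HTTPS'} set is bounced. I would drop this block and keep authenticated sessions on HTTPS; if it stays, note that the target is built from SERVER_NAME alone, so a non-default port is lost.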
    @@ -218,6 +223,10 @@

If we have no credentials

else {

  • check if we are in HTTPS mode

  • if (! $ENV{‘HTTPS’} ) {
  •     $m->redirect('https://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
    
  • }
    $m->comp(‘/Elements/Login’, %ARGS);
    $m->abort();
    }
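
Review bot: In the no-credentials branch, the new check on $ENV{'HTTPS'} only runs once the plain-HTTP request has already arrived, so a login form submitted to an http URL has sent its user name and password in cleartext before the redirect is issued. Suggest having the form rendered by /Elements/Login post to an absolute https URL, or enforcing HTTPS in the web server for the whole site, instead of relying on this redirect. As in the first hunk, the URL is rebuilt from SERVER_NAME without the port.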
    diff -uNr rt-3.4.4.orig/html/Elements/SetupSessionCookie
    rt-3.4.4/html/Elements/SetupSessionCookie
    — rt-3.4.4.orig/html/Elements/SetupSessionCookie 2005-04-18
    02:44:50.000000000 +0100
    +++ rt-3.4.4/html/Elements/SetupSessionCookie 2006-01-06
    03:51:46.000000000 +0000
    @@ -47,7 +47,9 @@
    return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook

my %cookies = CGI::Cookie->fetch();
-my $cookiename = “RT_SID_”.$RT::rtname.“.”.$ENV{‘SERVER_PORT’};
+# removed SERVER_PORT from cookie name so it can be valid on HTTP and HTTPS
+#my $cookiename = “RT_SID_”.$RT::rtname.“.”.$ENV{‘SERVER_PORT’};
+my $cookiename = “RT_SID_”.$RT::rtname.“.”.‘0000’;
my %backends = (
mysql => ‘Apache::Session::MySQL’,
Pg => ‘Apache::Session::Postgres’,
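
Review bot: Replacing $ENV{'SERVER_PORT'} with the literal '0000' in $cookiename makes one session cookie valid on both schemes, which is what the comment intends, but it also means the cookie cannot be restricted to HTTPS, and two RT instances with the same $RT::rtname on different ports of one host now share a cookie name. The '0000' value is unexplained and the old assignment is left behind as a commented-out line; remove the dead line and either drop the suffix or document why it is there.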

Regards,


Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com
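
As an added example (not part of the thread and not RT code), the Python check below walks a recorded browser session and reports the two exposures that login-only HTTPS leaves behind: an RT_SID_ session cookie issued without the Secure attribute, and a redirect back to http:// once the session exists. The host rt.example.com, the rtname "example", the session id and both flows are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SESSION_PREFIX = "RT_SID_"  # session cookie prefix visible in the patch

# Constructed flow (hypothetical host, rtname and session id): login-only
# HTTPS, with the cookie renamed so it is valid on both schemes.
LOGIN_ONLY_FLOW = [
    ("http://rt.example.com/", 302, {"Location": "https://rt.example.com/"}),
    ("https://rt.example.com/", 200,
     {"Set-Cookie": "RT_SID_example.0000=3f9a1c; path=/"}),
    ("https://rt.example.com/index.html", 302,
     {"Location": "http://rt.example.com/index.html"}),
    ("http://rt.example.com/index.html", 200, {}),
]

# Constructed flow for the same host served entirely over HTTPS.
ALL_HTTPS_FLOW = [
    ("http://rt.example.com/", 301, {"Location": "https://rt.example.com/"}),
    ("https://rt.example.com/", 200,
     {"Set-Cookie": "RT_SID_example.443=3f9a1c; path=/; Secure; HttpOnly"}),
    ("https://rt.example.com/index.html", 200, {}),
]

def audit_flow(flow):
    """Return findings for (url, status, headers) records of one browser session."""
    findings = []
    session_issued = False
    for url, status, headers in flow:
        scheme = urlsplit(url).scheme
        jar = SimpleCookie()
        jar.load(headers.get("Set-Cookie", ""))
        for name, morsel in jar.items():
            if not name.startswith(SESSION_PREFIX):
                continue
            session_issued = True
            if scheme != "https":
                findings.append(f"{name}: issued over plain HTTP at {url}")
            elif not morsel["secure"]:
                findings.append(f"{name}: no Secure attribute at {url}")
        target = headers.get("Location", "")
        if (session_issued and scheme == "https" and 300 <= status < 400
                and urlsplit(target).scheme == "http"):
            findings.append(f"downgrade after login: {url} -> {target}")
    return findings

if __name__ == "__main__":
    for finding in audit_flow(LOGIN_ONLY_FLOW):
        print(finding)
```

The all-HTTPS flow produces no findings, which is the configuration the later replies in the thread recommend.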

The easiest thing for you to do is have the entire site in SSL. Is there a
particular reason you only want the login credentials passed using secure
sockets layer?

James Moseley

CPU time; with SSL I’m going to expend so much machine resources…

Regards,


Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

CPU time; with SSL I’m going to expend so much machine resources…

I think that’s very unlikely. If SSL is going to bring your machine to its
knees, then you probably haven’t enough power to run RT anyway, or much of
anything else. Why not try with all SSL and see how it goes? If it’s slow,
try without SSL and compare.

Good luck,
Steve

Stephen Turner
Senior Programmer/Analyst - SAIS
MIT IS&T

KK Steve,

I’ll give a try

I have

System Configuration: Sun Microsystems sun4u Sun Fire V240
System clock frequency: 167 MHZ
Memory size: 8GB

==================================== CPUs
               E$    CPU                   CPU
CPU  Freq      Size  Implementation        Mask  Status   Location
0    1503 MHz  1MB   SUNW,UltraSPARC-IIIi  3.4   on-line  MB/P0
1    1503 MHz  1MB   SUNW,UltraSPARC-IIIi  3.4   on-line  MB/P1

I think I have enough power for now… later I’m going to migrate to this
machine:

System Configuration: Sun Microsystems sun4v SPARC Enterprise T5120
Memory size: 32640 Megabytes


But I’m a scrooge with resources… hehehehe

Regards!


Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com


One thing that can help is to enable compression; while it takes
some CPU resources, it decreases the amount of data that is sent over
the network and therefore needs to be encrypted.

Cheers,
Ken

Let’s be clear about this. Back in 1995 when we were using sun4m and
P90s with 16mb of RAM, SSL was a problem. More than 100 SSL users and
the machine would suffer a bit.

Do you have 10-year old machines? Do you have more than 100
concurrent users? (at the same time?)

If both of these aren’t true, you won’t have any problems with SSL
trust me ;) My personal colo box is a bit outdated – it’s 1.67g
with 1gig of RAM, and it is currently handling 200-250 concurrent SSL
sessions without breaking 2% CPU.

On Jan 23, 2009, at 7:05 AM, Eliezer E Chávez wrote:

CPU Time, with ssl i’m going to expend so much machine resources…

Regards,

On Fri, Jan 23, 2009 at 10:32 AM, jmoseley@corp.xanadoo.com wrote:

The easiest thing for you to do is have the entire site in SSL. Is there a
particular reason you only want the login credentials passed using secure
sockets layer?

James Moseley


Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

http://www.bumeran.com.ve/cv/eliezer-chavez



Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness