RT Login Page with SSL

Pals

How can i do to only use SSL in login page? I mean, i want my hole rt in
http but the login/password page in https

Best Regards for all!

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

Pals

How can i do to only use SSL in login page? I mean, i want my hole rt in
http but the login/password page in https

Use some kind of mod_rewrite rules in your apache configuration to
force redirection in https for root path.

But after the login, the page will return to http?

Regards

Pals

How can i do to only use SSL in login page? I mean, i want my hole rt in
http but the login/password page in https

Use some kind of mod_rewrite rules in your apache configuration to
force redirection in https for root path.


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

But after the login, the page will return to http?

humm, no because it’s the same url :frowning:

you can also modify the login page to do the POST using https, but that
doesn’t solve this.

sure it’s possible, but that will need more modifications I think and I
don’t have yet enough time to find which :confused:

or … use full https for you’re RT :wink:

I have found this, but i’m not sure how to apply in my 3.8.2 installation…

rt-3.4.4-ForceHTTPSLogin.patch

Warning: this patch is under devel, barely tested!!!

- Redirect to https when credentials are not found;

- Redirect to http when credentials are found;

- Changed cookiename removing SERVER_PORT.

diff -uNr rt-3.4.4.orig/html/autohandler rt-3.4.4/html/autohandler
— rt-3.4.4.orig/html/autohandler 2005-02-01 14:20:40.000000000 +0000
+++ rt-3.4.4/html/autohandler 2006-01-06 03:51:29.000000000 +0000
@@ -72,6 +72,11 @@

$m->comp(’/Elements/SetupSessionCookie’, %ARGS);

+# check credentials and HTTPS, if so redirect to HTTP
+if ($session{‘CurrentUser’} && $session{‘CurrentUser’}->Id && $ENV{‘HTTPS’}) {

  • $m->redirect(‘http://’.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
    +}
    unless ($session{‘CurrentUser’} && $session{‘CurrentUser’}->Id) {
    $session{‘CurrentUser’} = RT::CurrentUser->new();
    }
    @@ -218,6 +223,10 @@

If we have no credentials

else {

  • check if we are in HTTPS mode

  • if (! $ENV{‘HTTPS’} ) {
  •     $m->redirect('https://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI});
    
  • }
    $m->comp(’/Elements/Login’, %ARGS);
    $m->abort();
    }
    diff -uNr rt-3.4.4.orig/html/Elements/SetupSessionCookie
    rt-3.4.4/html/Elements/SetupSessionCookie
    — rt-3.4.4.orig/html/Elements/SetupSessionCookie 2005-04-18
    02:44:50.000000000 +0100
    +++ rt-3.4.4/html/Elements/SetupSessionCookie 2006-01-06
    03:51:46.000000000 +0000
    @@ -47,7 +47,9 @@
    return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook

my %cookies = CGI::Cookie->fetch();
-my $cookiename = “RT_SID_”.$RT::rtname.".".$ENV{‘SERVER_PORT’};
+# removed SERVER_PORT from cookie name so it can be valid on HTTP and HTTPS
+#my $cookiename = “RT_SID_”.$RT::rtname.".".$ENV{‘SERVER_PORT’};
+my $cookiename = “RT_SID_”.$RT::rtname.".".‘0000’;
my %backends = (
mysql => ‘Apache::Session::MySQL’,
Pg => ‘Apache::Session::Postgres’,

Regards,

But after the login, the page will return to http?

humm, no because it’s the same url :frowning:

you can also modify the login page to do the POST using https, but that
doesn’t solve this.

sure it’s possible, but that will need more modifications I think and I
don’t have yet enough time to find which :confused:

or … use full https for you’re RT :wink:


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

The easiest thing for you to do is have the entire site in SSL. Is there a
particular reason you only want the login credentials passed using secure
sockets layer?

James Moseley

CPU Time, with ssl i’m going to expend so much machine resources…

Regards,

The easiest thing for you to do is have the entire site in SSL. Is there a
particular reason you only want the login credentials passed using secure
sockets layer?

James Moseley

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

CPU Time, with ssl i’m going to expend so much machine resources…

I think that’s very unlikely. If SSL is going to bring your machine to its
knees, then you probably haven’t enough power to run RT anyway, or much of
anything else. Why not try with all SSL and see how it goes? If it’s slow,
try without SSL and compare.

Good luck,
Steve

Stephen Turner
Senior Programmer/Analyst - SAIS
MIT IS&T

KK Steve,

I’ll give a try

I have

System Configuration: Sun Microsystems sun4u Sun Fire V240
System clock frequency: 167 MHZ
Memory size: 8GB

==================================== CPUs
E$ CPU CPU
CPU Freq Size Implementation Mask Status
Location


0 1503 MHz 1MB SUNW,UltraSPARC-IIIi 3.4 on-line MB/P0
1 1503 MHz 1MB SUNW,UltraSPARC-IIIi 3.4 on-line MB/P1

I think i have enough power for now… later i’m going to migrate to this
machine:

System Configuration: Sun Microsystems sun4v SPARC Enterprise T5120
Memory size: 32640 Megabytes

========================= CPUs

                        CPU                 CPU

Location CPU Freq Implementation Mask


MB/CMP0/P0 0 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P1 1 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P2 2 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P3 3 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P4 4 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P5 5 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P6 6 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P7 7 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P8 8 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P9 9 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P10 10 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P11 11 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P12 12 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P13 13 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P14 14 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P15 15 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P16 16 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P17 17 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P18 18 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P19 19 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P20 20 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P21 21 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P22 22 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P23 23 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P24 24 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P25 25 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P26 26 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P27 27 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P28 28 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P29 29 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P30 30 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P31 31 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P32 32 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P33 33 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P34 34 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P35 35 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P36 36 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P37 37 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P38 38 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P39 39 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P40 40 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P41 41 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P42 42 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P43 43 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P44 44 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P45 45 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P46 46 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P47 47 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P48 48 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P49 49 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P50 50 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P51 51 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P52 52 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P53 53 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P54 54 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P55 55 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P56 56 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P57 57 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P58 58 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P59 59 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P60 60 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P61 61 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P62 62 1167 MHz SUNW,UltraSPARC-T2
MB/CMP0/P63 63 1167 MHz SUNW,UltraSPARC-T2

But i’m scrooge with resources… hehehehe

Regards!

CPU Time, with ssl i’m going to expend so much machine resources…

I think that’s very unlikely. If SSL is going to bring your machine to its
knees, then you probably haven’t enough power to run RT anyway, or much of
anything else. Why not try with all SSL and see how it goes? If it’s slow,
try without SSL and compare.

Good luck,
Steve


Stephen Turner
Senior Programmer/Analyst - SAIS
MIT IS&T

Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

KK Steve,

I’ll give a try

I have

One thing that can help is to enable compression, while is takes
some CPU resources, it decreases the amount of data sent over
the network and therefore needs to be encrypted.

Cheers,
Ken

Let’s be clear about this. Back in 1995 when we were using sun4m and
P90s with 16mb of RAM, SSL was a problem. More than 100 SSL users and
the machine would suffer a bit.

Do you have 10-year old machines? Do you have more than 100
concurrent users? (at the same time?)

If both of these aren’t true, you won’t have any problems with SSL
trust me :wink: My personal colo box is a bit outdated – it’s 1.67g
with 1gig of RAM, and it is currently handling 200-250 concurrent SSL
sessions without breaking 2% CPU.On Jan 23, 2009, at 7:05 AM, Eliezer E Chávez wrote:

CPU Time, with ssl i’m going to expend so much machine resources…

Regards,

On Fri, Jan 23, 2009 at 10:32 AM, jmoseley@corp.xanadoo.com wrote:
The easiest thing for you to do is have the entire site in SSL. Is
there a
particular reason you only want the login credentials passed using
secure
sockets layer?

James Moseley


Eliezer E Chávez
+58-416-6125676
eliezer.chavez@gmail.com

http://www.bumeran.com.ve/cv/eliezer-chavez


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness