On 2017-02-23 01:08, [email protected] wrote:
As far as I can tell, there is actually a strong flow all around us,
heading to draw *all* connections under the https protocol. That is,
not only (in our case) the Pmwiki "folder" but as much as possible of
any website.

All the major browsers now show with growing vehemence, with both text
and symbols, when a page is not safe, and in some instances the
wording I saw was really threatening for any casual user. And again,
this happens even if a single (no matter how secondary, let's say an
ancillary script, or an image) component of any page is not served
securely with https. It's really a stressing business to "debug", and
more of it for people not too skilled in the matter. So, I believe it
would be better and easier to try and serve a whole website on https
by default.

I feel really puzzled, Petko: your script idea is interesting but why
strengthening the door if I then leave the windows spread open? If I
understand right, anybody will circumvent the https shield just by
disabling javascript. Or am I wrong?
I am thinking about the matter (having little knowledge) since a
couple of days and I am not sure how to move.

One way or the other, I am afraid that we should face the need to
(sooner or later, better sooner) let our websites be accessible on
https by default.

I wrote that it depends on your audience.

When your client has thousands of users who do NOT have a recent browser at work and MUST be able to reach the wiki from an office computer, the only ways are to either do it with an old-style, expensive, manually validated SSL certificate (you own your IP address, send your ID, the Certificate Authority calls you personally on the phone), OR to leave it in the clear (HTTP). My solution attempts to do the least bad thing I imagined so far: redirect the capable browsers to the secure connection.

A visitor on an older system like Windows XP and probably Vista CANNOT open an automatic DV certificate, either the free one Let's Encrypt, or another cheap one (~60€/year).

If your website visitors have all more recent operating systems and recent browsers, or if you don't care about any others, certainly use the .htaccess redirection. Again, it depends on your audience.

On 2017-02-23 01:24, [email protected] wrote:
As an example, I keep all my images in a /f/ folder (outside the Pmwiki one)
So, how can I have this image (forcibly) served through https?
    http://www.example.com/f/Group/Page/image.jpg
Where should I place your suggested php lines?
     if($UrlScheme == 'http')
     Redirect($pagename,
     "https://www.yourwiki.net".$_SERVER['REQUEST_URI']);

This config.php line does not automatically redirect static files to the secure connection. If your links to these from your website are hardcoded HTTP links, this is indeed annoying. It would have been less annoying to update some InterMap prefix or even to use the relative Path: prefix that should always work.

In that case, do use the .htaccess method that you posted and that works for you. Another one that may work could be this:

  RewriteCond %{SERVER_PORT} 80
  RewriteRule ^(.*)$ https://example.net/$1 [R,L]

This is right after the line "RewriteEngine On".

About your installation, the RedirectMatch line always redirected the browser to /S/abc for a split second, then Bloge-ShortUrl redirected the browser to the real page URL. You just never noticed it.

The error code you see appears either (1) when there is no page containing the short urls, [[Site.ShortUrl]] by default, or (2) when the visitor doesn't have read permissions for it.

(1) can happen if the page was deleted, or the wiki was moved from another hosting and that page somehow didn't make it, or you recently played with $WikiDir or if you added or changed the PageStore class, and something was left mis-configured.

(2) can happen if you read-protect the Site group, and many other things will go wrong like disappearing parts of the interface (PageActions, PageNotFound...).

I'd start from there.

Petko

---
Change log     :  http://www.pmwiki.org/wiki/PmWiki/ChangeLog
Release notes  :  http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
If you upgrade :  http://www.pmwiki.org/wiki/PmWiki/Upgrades



_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
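
The thread notes that a single sub-resource loaded over plain HTTP triggers browser warnings, and that the config.php redirect does not cover static files referenced by hardcoded HTTP links. The following is an added example, not code from the thread or from PmWiki: a small scanner that lists such hardcoded `http://` sub-resources in a page's HTML so they can be changed to relative or HTTPS links. The tag list is a deliberately small subset and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch a sub-resource (not plain navigation links).
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "audio": "src",
               "video": "src", "source": "src", "embed": "src", "object": "data"}
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload"}


class MixedContentFinder(HTMLParser):
    """Collects (tag, url) pairs for sub-resources hardcoded as http://."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            url = attrs.get("href") if rels & FETCHING_LINK_RELS else None
        else:
            url = attrs.get(FETCH_ATTRS.get(tag, ""))
        # Relative and protocol-relative URLs inherit the page's scheme, so only
        # an explicit http:// scheme is reported.
        if url and urlsplit(url.strip()).scheme.lower() == "http":
            self.findings.append((tag, url.strip()))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (not from the thread); the host names are placeholders.
SAMPLE = """
<html><head>
<link rel="stylesheet" href="http://www.example.com/pub/skin.css">
<script src="/pub/site.js"></script></head><body>
<img src="http://www.example.com/f/Group/Page/image.jpg">
<img src="//www.example.com/f/Group/Page/other.jpg">
<a href="http://www.example.net/">plain link, not a sub-resource</a></body></html>
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content(SAMPLE):
        print(f"<{tag}> loads {url}")
```

Plain `<a href>` links are ignored because following them is navigation, which a server-side redirect to HTTPS handles; only resources the page itself loads are reported.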