Quantcast

configuring HttpsRedirectPlugin

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

configuring HttpsRedirectPlugin

Vovk, Olga (NIH/CIT) [C]

Dear all,

I have a question regarding configuration of HttpsRedirectPlugin .

 

We are required by policies of our organization to set up the https for our FOSWIKI login. WIKI site address  ibis-wiki.cit.nih.gov.

We installed the "HttpsRedirectPlugin".

But we are having problem when trying to log in into WIKI using Firefox (ver > 38.)

 

We are receiving the following error “Secure Connection Failed”.

As it appears an error occurs during a connection  to ibis-wiki.cit.nih.gov.

SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) 

 

I wonder if anyone could help us with this?

 

Thank you!

 

 

Olga Vovk

<:3)))~~~~

Senior Research Data Analyst,

SRA contractor

NIH/CIT/DCB/BIRSS

NIH campus, Building 12A, room # 2015

Phone: 301-443-3693

 


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Oliver Krüger-2
Hi Olga,

ssl_error_rx_record_too_long

First hit on Google regarding your problem: 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

Oliver


PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.



------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss

signature.asc (858 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Scott Mitchell
In reply to this post by Vovk, Olga (NIH/CIT) [C]

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

 

From: Vovk, Olga (NIH/CIT) [C] [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 11:06 AM
To: [hidden email]
Cc: Vovk, Olga (NIH/CIT) [C]; Scott Mitchell
Subject: configuring HttpsRedirectPlugin

 

Dear all,

I have a question regarding configuration of HttpsRedirectPlugin .

 

We are required by policies of our organization to set up the https for our FOSWIKI login. WIKI site address  ibis-wiki.cit.nih.gov.

We installed the "HttpsRedirectPlugin".

But we are having problem when trying to log in into WIKI using Firefox (ver > 38.)

 

We are receiving the following error “Secure Connection Failed”.

As it appears an error occurs during a connection  to ibis-wiki.cit.nih.gov.

SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) 

 

I wonder if anyone could help us with this?

 

Thank you!

 

 

Olga Vovk

<:3)))~~~~

Senior Research Data Analyst,

SRA contractor

NIH/CIT/DCB/BIRSS

NIH campus, Building 12A, room # 2015

Phone: 301-443-3693

 


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Vovk, Olga (NIH/CIT) [C]
In reply to this post by Oliver Krüger-2

From: Scott Mitchell [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Chris Hoefler

It's hard to guess what the problem may be without knowing more about your specific configuration. What are your path settings in configure?

Do you have to support mixed http/https access, or can you just make the whole site https? The latter is easier to setup as it only requires configuring the web server to redirect http requests to https.


On May 21, 2015, at 2:12 PM, "Vovk, Olga (NIH/CIT) [C]" <[hidden email]> wrote:

From: Scott Mitchell [[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Colas Nahaboo
What I did, without using the HttpsRedirectPlugin:

have 2 identical apache configs, one for http and one for https

in the http one, add:

  ## only use HTTPS for login
  RewriteRule ^(/bin/login/.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R,NE]

in the https one, add:

  ## only use HTTPS for login 
  RewriteCond     %{REQUEST_URI} !^/bin/login.* 
  RewriteCond     %{QUERY_STRING} !ssl=ok$
  RewriteRule     ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [L,R,NE] 

Using only https for login has the benefit of letting people use in their topics http links in %INCLUDE{..}% and import of images, css, js, without the browser complaining of mixing http&https in a page.

Note: for testing purposes, the line
%{QUERY_STRING} !ssl=ok$ alllows to use the site with https, by appending ?ssl=ok to the url, otherise we are redirected to http

Colas.


On 22 May 2015 at 05:00, Chris Hoefler <[hidden email]> wrote:

It's hard to guess what the problem may be without knowing more about your specific configuration. What are your path settings in configure?

Do you have to support mixed http/https access, or can you just make the whole site https? The latter is easier to setup as it only requires configuring the web server to redirect http requests to https.


On May 21, 2015, at 2:12 PM, "Vovk, Olga (NIH/CIT) [C]" <[hidden email]> wrote:

From: Scott Mitchell [[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss




--
Colas Nahaboo - http://colas.nahaboo.net

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Scott Mitchell
In reply to this post by Chris Hoefler

Good morning,

 

I am having a very difficult time.  I disabled the HttpsRedirect Plugin and now just trying to set the login page to go to https.  However, I am getting the following error:

 

The requested URL /foswiki/bin/login/Main/WebHome was not found on this server.


Apache/2.2.15 (Red Hat) Server at ibis-wiki.cit.nih.gov Port 443

 

I am not sure what I am missing.   I have even tried to set the entire site to use https but also not working.  Any help is greatly appreciated.

 

-Scott

 

 

From: Chris Hoefler [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 11:00 PM
To: [hidden email]
Cc: Oliver Krüger; Scott Mitchell
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 


It's hard to guess what the problem may be without knowing more about your specific configuration. What are your path settings in configure?

 

Do you have to support mixed http/https access, or can you just make the whole site https? The latter is easier to setup as it only requires configuring the web server to redirect http requests to https.

 


On May 21, 2015, at 2:12 PM, "Vovk, Olga (NIH/CIT) [C]" <[hidden email]> wrote:

From: Scott Mitchell [[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Chris Hoefler
How is your https virtual host configured? Does it have the same DocumentRoot and <Directory> settings as your http virtual host?

In your path settings in Foswiki configure, you need to set your urlhost, urlpaths, and dirs to match these settings. Any discrepancies will create problems.

After configuring, test by first going straight to https://<host>/bin/login. This should give you the login page. If it doesn't, there is a problem with your Apache settings. After logging in successfully, you should be redirected to https://<host>/bin/view/Main/WebHome. If that doesn't work, there is problem with your Foswiki configure settings. Once you get normal login and navigation working, you can try to add rewrite rules that will allow you to redirect http traffic to https, or use Colas' trick to do this just for the login page. But rewrite rules can be confusing until you get used to the syntax, so don't mess with those until the basic functionality is working.

Here is a stackoverflow on http -> https redirection that may help you,
http://stackoverflow.com/questions/16200501/http-to-https-apache-redirection




On Fri, May 22, 2015 at 8:50 AM, Scott Mitchell <[hidden email]> wrote:

Good morning,

 

I am having a very difficult time.  I disabled the HttpsRedirect Plugin and now just trying to set the login page to go to https.  However, I am getting the following error:

 

The requested URL /foswiki/bin/login/Main/WebHome was not found on this server.


Apache/2.2.15 (Red Hat) Server at ibis-wiki.cit.nih.gov Port 443

 

I am not sure what I am missing.   I have even tried to set the entire site to use https but also not working.  Any help is greatly appreciated.

 

-Scott

 

 

From: Chris Hoefler [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 11:00 PM
To: [hidden email]
Cc: Oliver Krüger; Scott Mitchell


Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 


It's hard to guess what the problem may be without knowing more about your specific configuration. What are your path settings in configure?

 

Do you have to support mixed http/https access, or can you just make the whole site https? The latter is easier to setup as it only requires configuring the web server to redirect http requests to https.

 


On May 21, 2015, at 2:12 PM, "Vovk, Olga (NIH/CIT) [C]" <[hidden email]> wrote:

From: Scott Mitchell [[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss




--
Chris Hoefler, PhD
Postdoctoral Research Associate
Straight Lab
Texas A&M University
2128 TAMU
College Station, TX 77843-2128

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Scott Mitchell

Hi Chris,


Thank you for the response.  That is definitely one way I configured, with https having the same DocumentRoot/<Directory> settings.  Are you saying in the Foswiki configure, I need to have the path with https??

 

Would it be possible to get the steps you have taken to set the entire Foswiki/Apache site to HTTPS??  I am pretty sure it is my Apache settings because going to /bin/login gives me the page not found.  I tried creating a virtual host in the foswiki.conf and also modified the current one in ssl.conf.  However, I was not able to get it working either way. 

 

Thanks,

Scott

 

 

From: Chris Hoefler [mailto:[hidden email]]
Sent: Friday, May 22, 2015 10:51 AM
To: Scott Mitchell
Cc: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

How is your https virtual host configured? Does it have the same DocumentRoot and <Directory> settings as your http virtual host?

In your path settings in Foswiki configure, you need to set your urlhost, urlpaths, and dirs to match these settings. Any discrepancies will create problems.

After configuring, test by first going straight to https://<host>/bin/login. This should give you the login page. If it doesn't, there is a problem with your Apache settings. After logging in successfully, you should be redirected to https://<host>/bin/view/Main/WebHome. If that doesn't work, there is problem with your Foswiki configure settings. Once you get normal login and navigation working, you can try to add rewrite rules that will allow you to redirect http traffic to https, or use Colas' trick to do this just for the login page. But rewrite rules can be confusing until you get used to the syntax, so don't mess with those until the basic functionality is working.

Here is a stackoverflow on http -> https redirection that may help you,
http://stackoverflow.com/questions/16200501/http-to-https-apache-redirection

 

 

On Fri, May 22, 2015 at 8:50 AM, Scott Mitchell <[hidden email]> wrote:

Good morning,

 

I am having a very difficult time.  I disabled the HttpsRedirect Plugin and now just trying to set the login page to go to https.  However, I am getting the following error:

 

The requested URL /foswiki/bin/login/Main/WebHome was not found on this server.


Apache/2.2.15 (Red Hat) Server at ibis-wiki.cit.nih.gov Port 443

 

I am not sure what I am missing.   I have even tried to set the entire site to use https but also not working.  Any help is greatly appreciated.

 

-Scott

 

 

From: Chris Hoefler [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 11:00 PM
To: [hidden email]
Cc: Oliver Krüger; Scott Mitchell


Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 


It's hard to guess what the problem may be without knowing more about your specific configuration. What are your path settings in configure?

 

Do you have to support mixed http/https access, or can you just make the whole site https? The latter is easier to setup as it only requires configuring the web server to redirect http requests to https.

 


On May 21, 2015, at 2:12 PM, "Vovk, Olga (NIH/CIT) [C]" <[hidden email]> wrote:

From: Scott Mitchell [[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss




--

Chris Hoefler, PhD
Postdoctoral Research Associate
Straight Lab
Texas A&M University
2128 TAMU
College Station, TX 77843-2128


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: configuring HttpsRedirectPlugin

Chris Hoefler
I note from the link sent by Olga that your base url path appears to be /foswiki instead of /. So try https://<host>/foswiki/bin/login. If you specify /var/www as your DocumentRoot and your Foswiki installation is in /var/www/foswiki, then your base url path for Foswiki will be /foswiki. This is fine, but then you need to make sure Foswiki configure knows that (ie: {ScriptUrlPath} needs to be /foswiki/bin instead of /bin, {PubUrlPath} needs to be /foswiki/pub instead of /pub, etc). Your Dirs need to be the full directory paths (ex: {PubDir} = /var/www/foswiki/pub). The {DefaultUrlHost} is used to build the links in your wiki, so if you want your site to be all https you need to use https://<host> or https://<host>:<port> if you are using a non-standard port. If you want an http site with https login, set {DefaultUrlHost} to http://<host> and {PermittedRedirectHostUrls} to https://<host>.

Also, make sure the <Directory> statements in your Apache conf have the proper security settings or you risk having your site compromised (ex: Deny from all on /, +ExecCGI only on /var/www/foswiki/bin, Allow from all on /var/www/foswiki/data and /var/www/foswiki/pub, restrict access to the /bin/configure script, etc).

I don't have an Apache installation at the moment that I can share with you (we are using lighttpd), but this should help getting you sorted out.



On Fri, May 22, 2015 at 1:13 PM, Scott Mitchell <[hidden email]> wrote:

Hi Chris,


Thank you for the response.  That is definitely one way I configured, with https having the same DocumentRoot/<Directory> settings.  Are you saying in the Foswiki configure, I need to have the path with https??

 

Would it be possible to get the steps you have taken to set the entire Foswiki/Apache site to HTTPS??  I am pretty sure it is my Apache settings because going to /bin/login gives me the page not found.  I tried creating a virtual host in the foswiki.conf and also modified the current one in ssl.conf.  However, I was not able to get it working either way. 

 

Thanks,

Scott

 

 

From: Chris Hoefler [mailto:[hidden email]]
Sent: Friday, May 22, 2015 10:51 AM
To: Scott Mitchell
Cc: [hidden email]


Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

How is your https virtual host configured? Does it have the same DocumentRoot and <Directory> settings as your http virtual host?

In your path settings in Foswiki configure, you need to set your urlhost, urlpaths, and dirs to match these settings. Any discrepancies will create problems.

After configuring, test by first going straight to https://<host>/bin/login. This should give you the login page. If it doesn't, there is a problem with your Apache settings. After logging in successfully, you should be redirected to https://<host>/bin/view/Main/WebHome. If that doesn't work, there is problem with your Foswiki configure settings. Once you get normal login and navigation working, you can try to add rewrite rules that will allow you to redirect http traffic to https, or use Colas' trick to do this just for the login page. But rewrite rules can be confusing until you get used to the syntax, so don't mess with those until the basic functionality is working.

Here is a stackoverflow on http -> https redirection that may help you,
http://stackoverflow.com/questions/16200501/http-to-https-apache-redirection

 

 

On Fri, May 22, 2015 at 8:50 AM, Scott Mitchell <[hidden email]> wrote:

Good morning,

 

I am having a very difficult time.  I disabled the HttpsRedirect Plugin and now just trying to set the login page to go to https.  However, I am getting the following error:

 

The requested URL /foswiki/bin/login/Main/WebHome was not found on this server.


Apache/2.2.15 (Red Hat) Server at ibis-wiki.cit.nih.gov Port 443

 

I am not sure what I am missing.   I have even tried to set the entire site to use https but also not working.  Any help is greatly appreciated.

 

-Scott

 

 

From: Chris Hoefler [mailto:[hidden email]]
Sent: Thursday, May 21, 2015 11:00 PM
To: [hidden email]
Cc: Oliver Krüger; Scott Mitchell


Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 


It's hard to guess what the problem may be without knowing more about your specific configuration. What are your path settings in configure?

 

Do you have to support mixed http/https access, or can you just make the whole site https? The latter is easier to setup as it only requires configuring the web server to redirect http requests to https.

 


On May 21, 2015, at 2:12 PM, "Vovk, Olga (NIH/CIT) [C]" <[hidden email]> wrote:

From: Scott Mitchell [[hidden email]]
Sent: Thursday, May 21, 2015 2:19 PM
To: Vovk, Olga (NIH/CIT) [C]; [hidden email]
Subject: RE: configuring HttpsRedirectPlugin

 

Hello,

 

I have tried just about everything after installing the HttpsRedirectPlugin.  I added a lot of different url’s to the Permittedredirecturls in LocalSite.cfg file and now getting this error:

 

Attention

Rename completed, but unsafe redirect to <https url> is denied.: The requested host does not match <default http url>, and is not in {PermittedRedirectHostUrls}.

 

 

Any help you can provide would be greatly appreciated.

 

Thanks,

Scott

 

From: Oliver Krüger [[hidden email]]
Sent: Thursday, May 21, 2015 11:36 AM
To: [hidden email]
Subject: Re: [Foswiki-discuss] configuring HttpsRedirectPlugin

 

Hi Olga,

 

ssl_error_rx_record_too_long

 

First hit on Google regarding your problem: 

 

Foswiki cannot talk SSL on its own. The underlying webserver (i.e. Apache) does that. I hope that helps narrowing down the problem.

 

Oliver

 

 

PS: Im not sure if it was the exact same error message, but I think I got those error messages when my browser tries to talk https to a http server.

 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss




--

Chris Hoefler, PhD
Postdoctoral Research Associate
Straight Lab
Texas A&M University
2128 TAMU
College Station, TX 77843-2128




--
Chris Hoefler, PhD
Postdoctoral Research Associate
Straight Lab
Texas A&M University
2128 TAMU
College Station, TX 77843-2128

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Foswiki-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/foswiki-discuss
Loading...