Force login to SSL

(counterpoint) #1

How would Piwik need to be modified to force the login form to redirect to the https version of the site (if not already there)?

(rschilt) #2

I’m interested to hear the answer to this question too.

(vipsoft) #3

The easiest method is via a redirect in your Apache config.

(racemoto) #4

Hi vipsoft, hi everybody,

having read…

this posting

…I was wondering how to secure the User Inteface with https (forcing every user to the https server instead of allowing them to login via http), while making sure that no statistic requests are being redirected (they shall remain on the http Server for performance issues).

Is it right that it should be sufficient to redirect any request that calls “index.php” and is not using http?

I assume that the statistic requests should never call the “index.php” (but only piwik.js or piwik.php) - is that correct?

Thanks in advance & best regards,

(vipsoft) #5

No, racemoto. index.php acts as a dispatcher, so practically all the non-static content is routed through it.