Elxis CMS Forum

Support => Security => Topic started by: turno on March 03, 2008, 20:57:30

Title: Serving some pages over ssl?
Post by: turno on March 03, 2008, 20:57:30

Hello,
after trying a lot of cms's, I have decided that Elxis is the one that best suits my needs  ;) The only doubt I have before installing it in a production environment regards securing some web pages. I need to have some pages password-protected over ssl. I have seen that Elxis works pretty well — and without doing anything special — over ssl (e.g., using https:// instead of http://), but I don't want to secure the whole site. I wonder if there is any extension/module/hack (I'm using Apache2) to safely redirect some pages to https, so that, if the user types http://mysite.org/elxis/protected, this will be redirected to https://mysite.org/elxis/protected, but any other page will be served over http.

Besides, is there any issue about password protecting some pages through Apache? For example, do SEO links need special care so that they're not circumvented?

Thanks in advance!

Title: Re: Serving some pages over ssl?
Post by: datahell on March 04, 2008, 07:57:38

You must pay attention to this:
Each SEO PRO URL can also be accessed via the non seo method.

For instance this one:
http://www.mysite.com/links/
Is the same with this one:
http://www.mysite.com/index.php?option=com_weblinks&Itemid=xx

So, even if you password protect the SEO PRO URL, the non-SEO URL will stay unprotected!

I advise you to use Elxis access system over http instead of password-protected pages over https. Elxis access system is very secure, no one will be able to see a page that he is not allowed to see it. If you wish to set access on a whole component (even third party) you can do so from Elxis access manager. Elxis is very flexible on this and give you many solutions.

Title: Re: Serving some pages over ssl?
Post by: turno on March 04, 2008, 17:33:56

Thank you, what you say makes perfectly sense. Password protection through Apache is not necessary; encryption of some content (including login), however, is a requirement of our system I cannot dispose of. I am planning to achieve it by Apache RewriteRules redirecting some http links to https: I do not see substantial difficulties in implementing that (with the caveat of SEO Pro links, of course), but, since I am new to Elxis, I may be missing something, in which case I would be glad if someone could point out potential problems.

> If you wish to set access on a whole component (even third party) you can do so from Elxis access manager. Elxis is very flexible on this and give you many solutions.

Glad to hear that  :) Please keep up with the good work  ;)