Hi all,

I'm looking for a little guidance here in setting up my .htaccess and/or httpd.conf files. I've got a single Rails app that happens to have two domains pointing to it...let's say www.domain1.com and www.domain2.com. www.domain2.com has an SSL certificate associated with it, so any request can be made via http or https and this seems to be working fine (domain1.com can only be accessed via http).

My problem is that I need all actions for a particular controller (registration) to be encrypted. The possible actions are:

/registration
/registration/showClasses
/registration/showForm
/registration/sendRegistration
/registration/sendQuestionnaire

If any requests are made to http://www.domain1.com/registration/<action> (1st domain, un-encrypted) or http://www.domain2.com/registration/<action> (2nd domain, un-encrypted) then they should be forwarded to https://www.domain2.com/registration/<action> (2nd domain, encrypted).

Any other request (to any controller OTHER THAN the registration controller) should be forwarded to http://www.domain1.com/controller/<action>.

At this point, the SSL seems to be set up just fine...I can go to https://www.domain2.com and get a secure page. However there's nothing keeping me from just changing the protocol to http in the address bar or changing the whole address to http://www.domain1.com and just bypassing the SSL encryption entirely.

Any thoughts? Thanks!

-Brian

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Here you go => http://github.com/rails/ssl_requirement/tree/master

On Thu, Sep 4, 2008 at 4:14 PM, bmcelhany <bmcelhany-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Hi all,
>
> I'm looking for a little guidance here in setting up my .htaccess and/
> or httpd.conf files. I've got a single Rails app that happens to have
> two domains pointing to it...let's say www.domain1.com and www.domain2.com.
> www.domain2.com has an SSL certificate associated with it, so any
> request can be made via http or https and this seems to be working
> fine (domain1.com can only be accessed via http).
>
> My problem is that I need all actions for a particular controller
> (registration) to be encrypted. The possible actions are:
>
> /registration
> /registration/showClasses
> /registration/showForm
> /registration/sendRegistration
> /registration/sendQuestionnaire
>
> If any requests are made to http://www.domain1.com/registration/<action>
> (1st domain, un-encrypted) or http://www.domain2.com/registration/<action>
> (2nd domain, un-encrypted) then they should be forwarded to
> https://www.domain2.com/registration/<action> (2nd domain, encrypted).
>
> Any other request (to any controller OTHER THAN the registration
> controller) should be forwarded to http://www.domain1.com/controller/<action>.
>
> At this point, the SSL seems to be set up just fine...I can go to
> https://www.domain2.com and get a secure page. However there's nothing
> keeping me from just changing the protocol to http in the address bar
> or changing the whole address to http://www.domain1.com and just
> bypassing the SSL encryption entirely.
>
> Any thoughts? Thanks!
>
> -Brian

--
Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en)
João Pessoa, PB, +55 83 8867-7208

Hi Mauricio,

Thanks for the link...this definitely looks like it will get me going in the right direction.

Is there a way, using this plug-in, to specify that when an "ssl_required" action is called that it needs to be directed to the https://www.domain2.com domain? In other words, if a user requests a secure action from the 1st domain, it's not enough to simply change the protocol from http to https...it needs to be redirected to the 2nd domain (it's the only one with an SSL certificate). Does that make sense at all?

-Brian

On Sep 4, 12:18 pm, "Maurício Linhares" <mauricio.linha...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Here you go => http://github.com/rails/ssl_requirement/tree/master
>
> On Thu, Sep 4, 2008 at 4:14 PM, bmcelhany <bmcelh...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > Hi all,
> >
> > I'm looking for a little guidance here in setting up my .htaccess and/
> > or httpd.conf files. I've got a single Rails app that happens to have
> > two domains pointing to it...let's say www.domain1.com and www.domain2.com.
> > www.domain2.com has an SSL certificate associated with it, so any
> > request can be made via http or https and this seems to be working
> > fine (domain1.com can only be accessed via http).
> >
> > My problem is that I need all actions for a particular controller
> > (registration) to be encrypted. The possible actions are:
> >
> > /registration
> > /registration/showClasses
> > /registration/showForm
> > /registration/sendRegistration
> > /registration/sendQuestionnaire
> >
> > If any requests are made to http://www.domain1.com/registration/<action>
> > (1st domain, un-encrypted) or http://www.domain2.com/registration/<action>
> > (2nd domain, un-encrypted) then they should be forwarded to
> > https://www.domain2.com/registration/<action> (2nd domain, encrypted).
> >
> > Any other request (to any controller OTHER THAN the registration
> > controller) should be forwarded to http://www.domain1.com/controller/<action>.
> >
> > At this point, the SSL seems to be set up just fine...I can go to
> > https://www.domain2.com and get a secure page. However there's nothing
> > keeping me from just changing the protocol to http in the address bar
> > or changing the whole address to http://www.domain1.com and just
> > bypassing the SSL encryption entirely.
> >
> > Any thoughts? Thanks!
> >
> > -Brian
>
> --
> Maurício Linhares
> http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en)
> João Pessoa, PB, +55 83 8867-7208

On 4 Sep 2008, at 21:14, bmcelhany <bmcelhany-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Hi all,
>
> I'm looking for a little guidance here in setting up my .htaccess and/
> or httpd.conf files. I've got a single Rails app that happens to have
> two domains pointing to it...let's say www.domain1.com and www.domain2.com.
> www.domain2.com has an SSL certificate associated with it, so any
> request can be made via http or https and this seems to be working
> fine (domain1.com can only be accessed via http).
>
> My problem is that I need all actions for a particular controller
> (registration) to be encrypted. The possible actions are:
>
> /registration
> /registration/showClasses
> /registration/showForm
> /registration/sendRegistration
> /registration/sendQuestionnaire
>
> If any requests are made to http://www.domain1.com/registration/<action>
> (1st domain, un-encrypted) or http://www.domain2.com/registration/<action>
> (2nd domain, un-encrypted) then they should be forwarded to
> https://www.domain2.com/registration/<action> (2nd domain, encrypted).
>
> Any other request (to any controller OTHER THAN the registration
> controller) should be forwarded to http://www.domain1.com/controller/<action>.
>
> At this point, the SSL seems to be set up just fine...I can go to
> https://www.domain2.com and get a secure page. However there's nothing
> keeping me from just changing the protocol to http in the address bar
> or changing the whole address to http://www.domain1.com and just
> bypassing the SSL encryption entirely.
>
> Any thoughts? Thanks!
>

Stick a before_filter that checks whether it's an ssl request?

> -Brian

Hi Brian,

I think it's completely possible. Looking at the source code, the method that sends the client to the SSL-enabled page is this one:

    def ensure_proper_protocol
      return true if ssl_allowed?

      if ssl_required? && !request.ssl?
        redirect_to "https://" + request.host + request.request_uri
        flash.keep
        return false
      elsif request.ssl? && !ssl_required?
        redirect_to "http://" + request.host + request.request_uri
        flash.keep
        return false
      end
    end

You would just have to tweak it to your own needs.

On Thu, Sep 4, 2008 at 4:40 PM, bmcelhany <bmcelhany-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Hi Mauricio,
>
> Thanks for the link...this definitely looks like it will get me going
> in the right direction.
>
> Is there a way, using this plug-in, to specify that when an
> "ssl_required" action is called that it needs to be directed to the
> https://www.domain2.com domain? In other words, if a user requests a
> secure action from the 1st domain, it's not enough to simply change
> the protocol from http to https...it needs to be redirected to the 2nd
> domain (it's the only one with an SSL certificate). Does that make
> sense at all?
>
> -Brian

--
Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en)
João Pessoa, PB, +55 83 8867-7208

That seems to do the trick. Thanks!

On Sep 4, 12:46 pm, "Maurício Linhares" <mauricio.linha...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi Brian,
>
> I think it's completely possible, looking at the source code, the
> method that sends the client to the SSL enabled page is this one:
>
>     def ensure_proper_protocol
>       return true if ssl_allowed?
>
>       if ssl_required? && !request.ssl?
>         redirect_to "https://" + request.host + request.request_uri
>         flash.keep
>         return false
>       elsif request.ssl? && !ssl_required?
>         redirect_to "http://" + request.host + request.request_uri
>         flash.keep
>         return false
>       end
>     end
>
> You would just have to tweak it to your own needs.
>
> On Thu, Sep 4, 2008 at 4:40 PM, bmcelhany <bmcelh...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > Hi Mauricio,
> >
> > Thanks for the link...this definitely looks like it will get me going
> > in the right direction.
> >
> > Is there a way, using this plug-in, to specify that when an
> > "ssl_required" action is called that it needs to be directed to the
> > https://www.domain2.com domain? In other words, if a user requests a
> > secure action from the 1st domain, it's not enough to simply change
> > the protocol from http to https...it needs to be redirected to the 2nd
> > domain (it's the only one with an SSL certificate). Does that make
> > sense at all?
> >
> > -Brian
>
> --
> Maurício Linhares
> http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en)
> João Pessoa, PB, +55 83 8867-7208
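
The tweak discussed in this thread (a before_filter that checks request.ssl? and a redirect that targets the certificate-bearing host rather than request.host), written out as an added example; it is not code from the thread or from the ssl_requirement plugin. The constants, the `Request` stand-in and the names `canonical_redirect` and `enforce_canonical_host` are assumptions made for illustration.

```ruby
# Added example: fixed hosts instead of request.host, as a pure function.
# Host names are the thread's placeholders; Request is a constructed stand-in
# for the Rails request object so the file runs without Rails.
SECURE_HOST     = "www.domain2.com"   # the only host with a certificate
PLAIN_HOST      = "www.domain1.com"   # canonical host for everything else
SSL_CONTROLLERS = %w[registration].freeze

Request = Struct.new(:host, :ssl, :request_uri) do
  def ssl?
    ssl
  end
end

# Returns the URL to redirect to, or nil when the request already uses the
# canonical scheme and host for its controller.
def canonical_redirect(request, controller_name)
  # request.host and request_uri both come from the client. The host is never
  # echoed back, and only a path starting with "/" (no CR/LF) is appended.
  path = request.request_uri.to_s
  path = "/" unless path.start_with?("/") && path !~ /[\r\n]/
  host = request.host.to_s.downcase

  if SSL_CONTROLLERS.include?(controller_name)
    return nil if request.ssl? && host == SECURE_HOST
    "https://#{SECURE_HOST}#{path}"
  else
    return nil if !request.ssl? && host == PLAIN_HOST
    "http://#{PLAIN_HOST}#{path}"
  end
end

# Assumed wiring in a Rails 2-era ApplicationController (not executed here):
#   before_filter :enforce_canonical_host
#   def enforce_canonical_host
#     url = canonical_redirect(request, controller_name) or return true
#     redirect_to url
#     flash.keep
#     false
#   end

if __FILE__ == $0
  [["www.domain1.com", false, "/registration/showForm", "registration"],
   ["www.domain2.com", true,  "/registration/showForm", "registration"],
   ["www.domain2.com", true,  "/home/index",            "home"]].each do |h, s, uri, c|
    puts "#{s ? 'https' : 'http'}://#{h}#{uri} -> #{canonical_redirect(Request.new(h, s, uri), c).inspect}"
  end
end
```

Because the check runs inside the application, it applies no matter which domain or scheme the user types into the address bar.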