Topic: Unable to access newly created i-bay from web browser

[calisun]

I have just created new i-bay with following settings:


but when I point to that i-bay in my web browser I get 403 Forbidden message


All previously created i-bays function fine, I have no problem accessing them in web browser..
I checked permissions of the i-bay and all folders inside, they are all the same as all other existing i-bays.

[guest22]

Please provide more details on server version, mode, contribs installed, yum updates and certificates if used.

[mmccarn]

Is there anything interesting in /var/log/httpd/error.log or /var/log/httpd/access.log?

[calisun]

ugh, my bad. I set "force secure connection" option as enabled, but I was connecting using http not https.
That option threw me off because that option was not available last time I created an i-bay.

I think the message should be something else, like "secure connection required" or like some sites automatically redirect browser to https when they detect http connection.
"Forbidden" message is confusing and does not say what happened.

[guest22]

I think the message should be something else, like "secure connection required" or like some sites automatically redirect browser to https when they detect http connection.
"Forbidden" message is confusing and does not say what happened.

That message is an Apache message, not an SME Server message. But I agree, maybe we should be a bit more informative if we enable additional options, thus adding complexity and simplify that at the same time. We need to live up to our 'simplicity'.

[Jean-Philippe Pialasse]

ugh, my bad. I set "force secure connection" option as enabled, but I was connecting using http not https.
That option threw me off because that option was not available last time I created an i-bay.

I think the message should be something else, like "secure connection required" or like some sites automatically redirect browser to https when they detect http connection.
"Forbidden" message is confusing and does not say what happened.

The error message would be difficult to change unless you personalize apache to make your own error page, and even there it would be difficult and not recommended to explain more about the error.

What could be done is to force redirect to htpps as it is done for server manager and webmail.

Would you open a new feature request in bugs.contribs.org and post link here ?

[Stefano]

I think calisun is asking for a clearer description in server-manager page

[Jean-Philippe Pialasse]

I think calisun is asking for a clearer description in server-manager page

then this is the "force secure connections" that should be changed to something more appropriate to reality : "Deny non secure connections". As currently nothing is force to go to SSL, it just refused if it is not !

But again for an user friendly use, I do not see the point of just denying instead of redirecting ....

[calisun]

Hi Jean-Philippe Pialasse,
as per your request I have created new feature request.
The link to the request is:

https://bugs.contribs.org/show_bug.cgi?id=10282

[Jean-Philippe Pialasse]

Calisun,

thank you for taking the time. I can not guarantee any timeline to see it implemented, but I feel this should be done!

Jean-Philippe

[calisun]

Hi Jean-Philippe and all,
I know that this thread is almost 6 moths old, but I think the redirect option is becoming critical and needs to addressed soon since google and firefox will now penalize sites that don't have secure sites. The issue is, many people will just type URL without https, and they will get "forbidden" message which will make them think that the site is down. But they just need to be redirected to https site when "Force Secure Connection" option is enabled, just like it is done now with server-manager and webmail.

[ReetP]

Hi Jean-Philippe and all,
I know that this thread is almost 6 moths old, but I think the redirect option is becoming critical and needs to addressed soon since google and firefox will now penalize sites that don't have secure sites. The issue is, many people will just type URL without https, and they will get "forbidden" message which will make them think that the site is down. But they just need to be redirected to https site when "Force Secure Connection" option is enabled, just like it is done now with server-manager and webmail.

That's cos those 3 or 4 who actually do any code writing here right now have full time jobs doing other stuff and don't necessarily have the time to work on this at the minute.

There may also be other priorities which are higher than this.... they have just had to move the entire CVS repo off sourceforge to the Koozali infra as sourceforge was closing CVS - that took a lot of work, and was way more critical than this.

We all have other lives, and only 24 hours in the day.

Don't just wait for 'someone' to fix it - go have a look and see what you can find out about how it works and a possible solution. I'm sure if you start looking and ask sensible questions then people will give you a hand to look further. You can do that all on the bug you opened..... (and it is exactly how I started - you'll learn loads more too)

[Jean-Philippe Pialasse]

simply install smeserver-webapps-common it will give you the behaviour you ask.

https://wiki.contribs.org/Webapps-common

[ReetP]

simply install smeserver-webapps-common it will give you the behaviour you ask.

https://wiki.contribs.org/Webapps-common

The poster is right... it would be nice to have a fix without resorting to more contribs. This should be default/core these days.

Just wanted to point out the realities of actually fixing it....

[janet]

calisun

...... this thread is almost 6 months old.....

This Howto has existed for 10 years !
https://wiki.contribs.org/Https_redirection