Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: calisun on May 07, 2017, 06:52:13 AM
-
I have just created a new i-bay with the following settings:
(https://preview.ibb.co/dWSpT5/ibay_test1_1.png)
but when I point to that i-bay in my web browser I get 403 Forbidden message
(http://image.ibb.co/imcHFk/ibay_test2_2.png)
All previously created i-bays function fine, I have no problem accessing them in web browser.
I checked permissions of the i-bay and all folders inside, they are all the same as all other existing i-bays.
-
Please provide more details on server version, mode, contribs installed, yum updates and certificates if used.
-
Is there anything interesting in /var/log/httpd/error.log or /var/log/httpd/access.log?
-
ugh, my bad. I set "force secure connection" option as enabled, but I was connecting using http not https.
That option threw me off because that option was not available last time I created an i-bay.
I think the message should be something else, like "secure connection required" or like some sites automatically redirect browser to https when they detect http connection.
"Forbidden" message is confusing and does not say what happened.
-
> I think the message should be something else, like "secure connection required" or like some sites automatically redirect browser to https when they detect http connection.
> "Forbidden" message is confusing and does not say what happened.
That message is an Apache message, not an SME Server message. But I agree, maybe we should be a bit more informative if we enable additional options, thus adding complexity and simplify that at the same time. We need to live up to our 'simplicity'.
-
> ugh, my bad. I set "force secure connection" option as enabled, but I was connecting using http not https.
> That option threw me off because that option was not available last time I created an i-bay.
> I think the message should be something else, like "secure connection required" or like some sites automatically redirect browser to https when they detect http connection.
> "Forbidden" message is confusing and does not say what happened.
The error message would be difficult to change unless you personalize apache to make your own error page, and even there it would be difficult and not recommended to explain more about the error.
What could be done is to force redirect to https as it is done for server manager and webmail.
Would you open a new feature request in bugs.contribs.org and post link here ?
-
I think calisun is asking for a clearer description in server-manager page :-)
-
> I think calisun is asking for a clearer description in server-manager page :-)
then this is the "force secure connections" that should be changed to something more appropriate to reality: "Deny non secure connections". As currently nothing is forced to go to SSL, it is just refused if it is not!
But again for a user-friendly use, I do not see the point of just denying instead of redirecting ....
-
Hi Jean-Philippe Pialasse,
as per your request I have created new feature request.
The link to the request is:
https://bugs.contribs.org/show_bug.cgi?id=10282
-
Calisun,
thank you for taking the time. I can not guarantee any timeline to see it implemented, but I feel this should be done!
Jean-Philippe
-
Hi Jean-Philippe and all,
I know that this thread is almost 6 months old, but I think the redirect option is becoming critical and needs to be addressed soon since Google and Firefox will now penalize sites that don't have secure sites. The issue is, many people will just type URL without https, and they will get "forbidden" message which will make them think that the site is down. But they just need to be redirected to https site when "Force Secure Connection" option is enabled, just like it is done now with server-manager and webmail.
-
> Hi Jean-Philippe and all,
> I know that this thread is almost 6 months old, but I think the redirect option is becoming critical and needs to be addressed soon since Google and Firefox will now penalize sites that don't have secure sites. The issue is, many people will just type URL without https, and they will get "forbidden" message which will make them think that the site is down. But they just need to be redirected to https site when "Force Secure Connection" option is enabled, just like it is done now with server-manager and webmail.
That's cos those 3 or 4 who actually do any code writing here right now have full time jobs doing other stuff and don't necessarily have the time to work on this at the minute.
There may also be other priorities which are higher than this.... they have just had to move the entire CVS repo off sourceforge to the Koozali infra as sourceforge was closing CVS - that took a lot of work, and was way more critical than this.
We all have other lives, and only 24 hours in the day.
Don't just wait for 'someone' to fix it - go have a look and see what you can find out about how it works and a possible solution. I'm sure if you start looking and ask sensible questions then people will give you a hand to look further. You can do that all on the bug you opened..... (and it is exactly how I started - you'll learn loads more too)
-
simply install smeserver-webapps-common it will give you the behaviour you ask.
https://wiki.contribs.org/Webapps-common
-
> simply install smeserver-webapps-common it will give you the behaviour you ask.
> https://wiki.contribs.org/Webapps-common
The poster is right... it would be nice to have a fix without resorting to more contribs. This should be default/core these days.
Just wanted to point out the realities of actually fixing it....
-
calisun
> ...... this thread is almost 6 months old.....
This Howto has existed for 10 years !
https://wiki.contribs.org/Https_redirection
-
> The poster is right... it would be nice to have a fix without resorting to more contribs. This should be default/core these days.
> Just wanted to point out the realities of actually fixing it....
never told the opposite, however if he is in a hurry here is a workaround, pretty easy to implement.
-
> calisun
> This Howto has existed for 10 years !
> https://wiki.contribs.org/Https_redirection
Janet, you misunderstood my comment. When one tries to reply to an old thread, one gets a message that there has been no activity on this thread for over 90 days and one should consider creating new thread.
So I simply said I know that this thread is over 6 months old, but I am posting here anyway :)
And thanks for the link, I have seen it before.
The point is that expected behavior of "Force" Secure connection, is not how it is actually behaving.
-
calisun
The 6 month/10 year comparison was just a play on words or a type of pun on my part (smile).
> The point is that expected behavior of "Force" Secure connection, is not how it is actually behaving.
But that is interpretable, the idea at the time it was implemented may have been to force users to make a secure connection ie using https manually, rather than the system forcing the https connection. Granted that the behaviour is really to block http connections, so the wording is in error or ambiguous or there was an error in coding or the actual coder's intention.
The bug comments seem to suggest no action will be taken at present due to other php related coding efforts etc.
So my point really was that a very easy fix exists & has existed for at least 12 years (looking at dates on files), so a simple custom template would take 3 - 5 minutes to implement.
A more permanent "base system" fix would probably be a template anyway.
I recall having used this answer/method in the past quite satisfactorily.
No need to wait for someone else to come up with an answer.
-
I could only suggest to prefer to install smeserver-webapps-common rather than a template custom. The template inside will do the same.
The reason is : we would be able to obsolete this rpm if it is not needed anymore.
A template custom should only be used if we have no other option, from experience with recent updates of qpsmtpd, they could mess during an update.
-
If so, that contrib must be moved in smecontribs repo
-
Jean-Philippe
> The reason is : we would be able to obsolete this rpm if it is not needed anymore.
Which rpm exactly are you referring to ?
-
> Jean-Philippe
> Which rpm exactly are you referring to ?
https://wiki.contribs.org/Webapps-common
yum install smeserver-webapps-common --enablerepo=fw
signal-event webapps-update
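-
The two behaviours the thread contrasts (refusing plain HTTP with a 403 versus redirecting it to HTTPS), written as a generic Apache httpd fragment. This is an added example, not part of any post above and not the SME Server template or the contrib's code; the host name, i-bay name and filesystem path are placeholders, and it assumes the 403 is produced by mod_ssl's SSLRequireSSL directive.

```apache
# Constructed example: www.example.com, /testibay and the path below are placeholders.

# "Deny non secure connections": plain HTTP is refused, nothing is redirected.
# SSLRequireSSL (mod_ssl) denies any request that did not arrive over TLS,
# and Apache answers with its stock "403 Forbidden" page.
<Directory "/srv/www/testibay/html">
    SSLRequireSSL
</Directory>

# "Redirect to https": a plain-HTTP request for the i-bay is sent to its HTTPS URL.
# The rule sits in the port-80 virtual host on purpose: in virtual-host context
# mod_rewrite runs during URL translation, before access checks, so the client
# receives the redirect. A per-directory (.htaccess) rule runs after the access
# check, and SSLRequireSSL would answer 403 first.
<VirtualHost *:80>
    ServerName www.example.com

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    # Fixed host name in the target so a forged Host header cannot steer the redirect.
    RewriteRule ^/testibay(/.*)?$ https://www.example.com/testibay$1 [R=301,L]
</VirtualHost>

# Keep SSLRequireSSL in place alongside the redirect: if the rewrite rule is
# ever removed or bypassed, the content is still never served over plain HTTP.
```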