I am running into difficulties with moodle security and am hoping someone can give me some direction. I need for the https to apply to my entire site and am assuming that I need to enable the secure cookies setting under the http security setting. Here is what is shows me:
"If server is accepting only https connections it is recommended to enable sending of secure cookies. If enabled please make sure that web server is not accepting http:// or set up permanent redirection to https:// address. When wwwroot address does not start with https:// this setting is turned off automatically."
I am on a hosted site and am told that I can "script" to make this happen, but don't know how. Please help if you can. Thanks, Ryan
Secure cookies in Moodle
Number of replies: 2This forum post has been removed
The content of this forum post has been removed and can no longer be accessed.
Re: Secure cookies in Moodle
Thank you Adam, This seems to have worked. I entered the s into the config.php file in the root level and it changed it all to https. I tried to set up the htaccess rewrite, by looking into myapache and found the below lines of code, which I modified and tried to install, but don't understand what else I need to add to the file in terms of tags to make it work. I replaced the "server_name" with my domain but did not work, kept getting an error 500 or 403.
The good news is I am using my root for my entire system and it is all encrypted now. Thanks, Wanted to share the below if others find it helpful.
## REQUIRE SSL EVEN WHEN MOD_SSL IS NOT LOADED ###
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
=========================================================#
SSL SECURITY
=========================================================#
-> http://www.askapache.com/htaccess/ssl-example-usage-in-htaccess.html
##########
## MOST SECURE WAY TO REQUIRE SSL ###
-> http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld
The good news is I am using my root for my entire system and it is all encrypted now. Thanks, Wanted to share the below if others find it helpful.
## REQUIRE SSL EVEN WHEN MOD_SSL IS NOT LOADED ###
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
=========================================================#
SSL SECURITY
=========================================================#
-> http://www.askapache.com/htaccess/ssl-example-usage-in-htaccess.html
##########
## MOST SECURE WAY TO REQUIRE SSL ###
-> http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld