Posted on Mon, 09/14/2015 - 14:12
Improve Internet Security with SSL & Drupal

The situation with SSL and Drupal 7 is all a bit of a mess, there is a module - Secure Pages - which allows mixed use, but it seems to be riddled with problems and needs core to be patched! So, what is the alternative? After a frustrating day, I've finally got the method, so here it is before I forget...

In settings php you need to add the following - it is NOT there in the default version:

$_SERVER['HTTPS'] = 'on';

This then works with these re-write rules which are now baked into D7 .htaccess

RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]

Also in settings.php you will need to set the base url to:

$base_url = 'https://mydomain.com';

or your css will not load.

Thirdly, these redirect settings need to go into the top of the root .htaccess file:

# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Once you have all that in place, clear the cache, clear varnish and you should be good to go. More info can be found here:

http://drupal.stackexchange.com/questions/24072/how-to-simply-make-the-w...
https://www.drupal.org/https-information#comment-5922430

Add new comment

Request a Free Quotation

Your Name