Question
I want to allow
http
for actions that don't need authentication (
view
,
search
and maybe
viewfile
), but I want to force
https
for all other actions (mainly
viewauth
,
edit
, ...)
One solution is to use the trick described in
HowToForceSecureLoginForSomeWebs to redirect
http
requests to
https
requests.
I also want that if a
view
action comes from
http
the topic is displayed without headers and footers.
I can make the patches to the perl source files.
I want to know if someone already did these modifications, and if other people are interested if I provide such a patch.
A few hours later...
I should probably take another approach...
If I configure TWiki such that it creates a static variant of all the topics,
I can make TWiki run under the
https
server and the
http
server will only know about the static pages.
Apparently
CacheAddOn would be a good starting point for this approach.
But it will need some changes: for example the static
http
version should not be exactly the same as the
https
version, because e.g. links to
edit
should not appear.
Environment
TWiki version: |
20040320beta |
--
LouisGranboulan - 25 Jun 2004
Answer
Louis - can you take this idea to the Codev web (i think you can move the topic) as this and
HowToForceSecureLoginForSomeWebs have serious significance, and I could do with help in this area (I have no experience in ssl, and have not had any need in my own twiki work) and would like TWiki to do ssl in an integrated fashion
--
SvenDowideit - 27 Jun 2004