Secure the modx manager
In order to secure the modx manager your server needs to be properly configured to support https connections. To find out if your server supports secure connections talk to your server administrator. If you run your own server there are lots of resources that show how to install install SSL yourself.
What you want to achieve is that when a user goes to http://YOUR-SITE.COM/manager he is automatically redirected to the secure version https://YOUR-SITE.COM/manager. To do it, open the manager folder and look for the ht.access file. Rename it to .htaccess and make sure the code looks similar to:
# For unexpected logouts in multi-server/cloud environments see:
# http://svn.modxcms.com/docs/display/MODx096/Friendly+URL+Solutions
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<IfModule mod_security.c>
# Turn the filtering engine Off
SecFilterEngine Off
</IfModule>
There are situations when your secure certificate has to be accessed with URLs like https://secure.YOUR-SITE.com. In this case you can use the following rewrite rule:
RewriteRule (.*) https://secure.YOUR-SITE.com%{REQUEST_URI}
When the HTTPS environment variable is not available on your server you ca use the SERVER_PORT variable. Just change the rewrite condition to:
RewriteCond %{SERVER_PORT} !443
This article was inspired by Joseph Scott's post.
Notes:
- If you are looking to secure a modx page have a look at the SSL plugin.
- It also works on IIS servers with ISAPI Rewrite
- It is possible that none of above will work with your server configuration. You would have to do some digging yourself to make it work.
Write a comment