I have seemed to have created myself another problem where as when someone tries to login using http://[website]/users.php they get this message:
-----------
Error 403
We're sorry, but we could not fulfill your request for /users.php on this server.
You do not have permission to access this server. Data may not be posted from offsite forms
<more lines....>
-------
logging into the site using https://[website] works just fine.

Removed the .htaccess and still same thing. users.php Permissions are 644 and non-root.non-root

Just upgraded to 1.1.1 from 1.1.0 no change.

Thank you in advance

It is the Bad Behavior plugin. What is happening is they are probably using http://yoursitehere.com/users.php, but the $_CONF['site_url'] is www.yoursitehere.com, to the URL in the header doesn't match what is in the form.

What I've done is setup a redirect in Apache so anything to glfusion.org redirects to www.glfusion.org.

Thanks!
Mark

Once again, thank you

Testing by disabling Bad-behavior things did work.

I have multiple differnet domains pointed to the same site which are quite different than my apache site name that is set in the gl_conf_values (site_url and site_admin_url). Guess I had better learn about doing redirects in apache.

On another note: I had in the past dropped the site_url and site_admin_url too:
site_url = s:0:""
site_admin_url = s:6:"/admin"

to enable access to the site, which sits in a outside DMZ, from internal trusted network. This kinda works as several admin functions do not work.

Not sure what the interaction would be with Bad_behavior as well.

JohnF

Looking at mod_alias and mod_rewrite for Redirect it seems that mod_alias is the simpler: "redirect permanent / http://www.[sitename.org]"

I can see in the apache 2.2 doc's docs of redirect changing things like resources but not URL's i.e. "redirect permanent /file-resource-1 http://www.[sitename.org]/file-resource-2"
I did not see anything that redirects [sitename.org] to www.[sitename.org] unless that is the first above redirect permanent statement?

Looking at mod_rewrite I did find a nice rule to change incoming http sessions to https which direct users into an SSL environment. (thank you CA-Cert.org for those server.crt's)

# Basic rewrite rule for http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I did not find rule yet to fulfill the [sitename.org] to www.[sitename.org] redirect. I would also want something to do [www.vhost1-sitename.org] to www.[sitename.org] and [www.vhost2-sitename.org] to www.[sitename.org]...

This is all new to me. Currently that only way I can get things to work is to disable Bad-behavior (which I did not want to do). I don't think this was an issue back in 1.0.2 or ealier (I could be wrong).

Still plugging away....
JohnF

Well the Rewrite rule does force the https session. It breaks the login (form flow?). To bad as I really like working in a secure connection.

I recreated the server.crt to match the site fully qualified url and now everything matches. I enabled Bad-behavior plugin and its all seems to work.

I keep digging a new hole. as originally I could start an X session on the servers console and login to the site (which resides on the box's localhost) using http://localhost or http://127.0.0.1 to connect. Now it tries to go out to the web looking for www.[sitename].org which means most likely its a /etc/hosts resolution fix on the local machine

I would really like to see/learn the proper method to redirect a series of different incoming url's to a single local url.

www.[sitename1.org] to http://www.[local-sitename].org
[sitename1.org] to http://www.[local-sitename].org
www.[sitename2.org] to http://www.[local-sitename].org
[sitename2.com] to http://www.[local-sitename].org
...

or how about redirection to a SSL connection?

www.[sitename1.org] to https://www.[local-sitename].org
[sitename1.org] to https://www.[local-sitename].org

www[sitename2.com] to https://www.[local-sitename].org
[sitename2.org] to https://www.[local-sitename].org