Hi I'm running silverstripe 2.4.5, can anyone point me to any documentation on how I get these areas protected by SSL?
Currently in _config.php
I have
Director :: set_environment_type ('live');
//force SSL
$force_ssl = array("/admin/","/Security/");
$current_url = $_SERVER['REQUEST_URI'];
if (in_array($current_url,$force_ssl)) {
Director::forceSSL();
} elseif ( isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')) {
$destURL = str_replace('https','http', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die('<h1>Your browser is not accepting header redirects</h1><p>Please <a href="'.$destURL.'">click here</a>');
}
But this seems to do some of the job but gets into redirection loops and also does not protect the form the credentials are sent to.
Thanks