Secure the modx manager

on 09-Mar-2010 | Comments ( 0 ) Tags: Evolution

In order to secure the modx manager your server needs to be properly configured to support https connections. To find out if your server supports secure connections talk to your server administrator. If you run your own server there are lots of resources that show how to install install SSL yourself.

What you want to achieve is that when a user goes to http://YOUR-SITE.COM/manager he is automatically redirected to the secure version https://YOUR-SITE.COM/manager. To do it, open the manager folder and look for the ht.access file. Rename it to .htaccess and make sure the code looks similar to:

# For unexpected logouts in multi-server/cloud environments see:
# http://svn.modxcms.com/docs/display/MODx096/Friendly+URL+Solutions

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

<IfModule mod_security.c>
# Turn the filtering engine Off
SecFilterEngine Off
</IfModule>

There are situations when your secure certificate has to be accessed with URLs like https://secure.YOUR-SITE.com. In this case you can use the following rewrite rule:

RewriteRule (.*) https://secure.YOUR-SITE.com%{REQUEST_URI}

When the HTTPS environment variable is not available on your server you ca use the SERVER_PORT variable. Just change the rewrite condition to:

RewriteCond %{SERVER_PORT} !443

This article was inspired by Joseph Scott's post.

Notes:

Write a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.
 

Quick modx Evolution Tags

  • cached [[snippet]] or uncached [!snippet!]
  • {{chunk}}
  • [+placeholder+]
  • [*resourceField/TV*]
  • [^timing^]
  • [~link~]

Quick modx Revolution Tags

  • [[snippet]]
  • [[$chunk]]
  • [[+placeholder]]
  • [[*resourceField/TV]]
  • [[~link]]
  • [^timing^]
  • [[++systemSetting]]
  • [[%languageStringKey]]
  • all tags can be called un-cached like: [[! snippet]]

Timing Tags (Evo and Revo)

  • [^qt^] - Query time
  • [^q^] - Query count
  • [^p^] - Parse time
  • [^t^] - Total time
  • [^s^] - Source
© modxRULES! 2009-2014