Phaedrus 209521 Report post Posted November 6, 2015 Anything that involves a redirect seems to drop you back to http - I've mentioned it to Mod in the past. I've also noticed that opening a link in a new tab sometimes gives you http, even though the link itself is https, but I have no idea what triggers it. 1 Quote Share this post Link to post Share on other sites
backrubman 64800 Report post Posted November 6, 2015 Anything that involves a redirect seems to drop you back to http - I've mentioned it to Mod in the past. I've also noticed that opening a link in a new tab sometimes gives you http, even though the link itself is https, but I have no idea what triggers it. Thanks, I thought it might just be me. There is a browser extension (HTTPS Everywhere) for Firefox, Chrome, and Opera that can help to compensate for the deficiency but of course the best approach would be to correct the problem with the site so that people who don't have this work around installed are as protected as they can be. The in mean time I guess it's a good idea for everyone (particularly people on hotel or similar Wifi networks) to keep an eye on the address bar and go back to https when they see it disappear and revert to plain text http. I actually discovered this wonderful place when I was asked to do a security audit of a hotel Wifi network many years ago and of course we were easily able to capture the credentials of people logging into this site right out of thin air (the password was sent in the clear as simple hash). Quote Share this post Link to post Share on other sites
mod 135640 Report post Posted November 6, 2015 I can not find a solution for this. I have looked on google and through all the 1000's of settings in the admin and I don't know how to fix it. Anyone else use vbulletin and know how this can be fixed I am open for suggestions. Quote Share this post Link to post Share on other sites
backrubman 64800 Report post Posted November 6, 2015 I can not find a solution for this. I have looked on google and through all the 1000's of settings in the admin and I don't know how to fix it. Anyone else use vbulletin and know how this can be fixed I am open for suggestions. Apparently, you can use a bigger hammer (but I'd be careful with such a change employing proper change management approaches with a back out plan until I was certain I got it right). Apache mod_rewrite to the rescue? # Always Forced www to non www and go to https RewriteCond %{HTTP_HOST} ^www.(.+)$ [NC] RewriteRule ^(.*)$ https://%1/$1 [R=301,L] # Always Forced http to https RewriteCond %{HTTPS} off RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] Quote Share this post Link to post Share on other sites
mod 135640 Report post Posted November 9, 2015 Some directories such as the chatroom link must be http and i am not good at these rewrite rules. How does one exclude some directories do you know? Quote Share this post Link to post Share on other sites
blacklabdog 3049 Report post Posted November 9, 2015 I used to run two message boards (not vbulletin) and found User forum always had the answer to any question I had or I was able to get quick answers for any question where a Search didnt turn up the solution Quote Share this post Link to post Share on other sites
