Opened 14 years ago
Closed 14 years ago
#16823 closed defect (bug) (invalid)
FORCE_SSL_LOGIN breaks login pages on multisite with subdirectories
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 3.1 |
| Component: | Multisite | Keywords: | close |
| Focuses: | Cc: |
Description
For WordPress 3.1 with multisite (subdirectories) and the default .htaccess file, using FORCE_SSL_LOGIN works fine for the main login page (/wp-login.php), but breaks for individual blogs' login pages (/NameOfBlog/wp-login.php).
This is either a documentation oversight (i.e., FORCE_SSL_LOGIN is not sufficient, you must add .htaccess rules too), or FORCE_SSL_LOGIN should do the right thing.
Basically, https://site.com/nameofblog/wp-login.php produces a 404 if you merely enable FORCE_SSL_LOGIN.
.htaccess is untouched since I installed WordPress:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
Change History (3)
#2
@
14 years ago
- Keywords close added
http://codex.wordpress.org/Administration_Over_SSL
Looks to me like the Codex already indicates that the server needs to be set up correctly. There are some examples already, but any user can update the Codex if you want to add more.
Marking this ticket to be closed.
#3
@
14 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
See
http://codex.wordpress.org/Administration_Over_SSL#Example_Config_Stanzas
and
http://core.trac.wordpress.org/ticket/10079
any user can update the Codex if you want to add more.
Right.
(Following up my own ticket)
This is not a bug, but docs should be updated to avoid confusion for other users.
The problem is that our name-based virtual host set up in Apache was set up only for port 80, so the .htaccess file (and its mod_rewrite rules) was being ignored for SSL pages.
The docs for FORCE_SSL_LOGIN should be updated to advise the user about this situation, and to give an example solution like this for httpd.conf:
NameVirtualHost *:443 <VirtualHost *:443> ServerName site.com <Directory "/var/www/html"> AllowOverride FileInfo Options </Directory> </VirtualHost>