arnoldle / phplist-plugin-submitByMailPlugin

Elements of a plugin to submit messages to Phplist by mail. In development. Planning for June release.
3 stars 6 forks source link

Secure connection error #13

Open codealot2 opened 8 years ago

codealot2 commented 8 years ago

Hi, I'm trying to configure a list for submission by email, but I keep getting the error message 'You must have a secure connection (https) to access this page.' even though I am already using a secure https connection.

Thanks

arnoldle commented 8 years ago

Hi,

You must make sure that in fact you are accessing the page with https and not http. Just because you have arranged for a proper certificate does not mean that every connection to Phplist is secure. What is needed here is to insure that no one can access the submit-by-mail pages with http. An http connection is guaranteed to result in that message. This can be done by editing the configuration file for your web server. If you are on a hosting service using cPanel, you can create the necessary edits through cPanel.

You must set up a redirect than redirects any http connection to an https connection. An even safer thing to do is to redirect any attempt at an http connection to a “Page Not Found,”

I hope this helps.

Arnold

On May 25, 2016, at 1:19 PM, codealot2 notifications@github.com wrote:

Hi, I'm trying to configure a list for submission by email, but I keep getting the error message 'You must have a secure connection (https) to access this page.' even though I am already using a secure https connection.

Thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/issues/13

codealot2 commented 8 years ago

Hi Arnoldle, Thanks very much for your reply. Do you mean that even though it shows https://gator3115.hostgator.com/~oneworldarts/lists/admin/?page=configure_a_list&pi=submitByMailPlugin&tk=30cdfded5cc63b8e4 in the address bar it still may not be a secure connection? Thanks again,Susan

  From: arnoldle <notifications@github.com>

To: arnoldle/phplist-plugin-submitByMailPlugin phplist-plugin-submitByMailPlugin@noreply.github.com Cc: codealot2 smintz9@yahoo.com; Author author@noreply.github.com Sent: Friday, May 27, 2016 1:45 PM Subject: Re: [arnoldle/phplist-plugin-submitByMailPlugin] Secure connection error (#13)

Hi,

You must make sure that in fact you are accessing the page with https and not http. Just because you have arranged for a proper certificate does not mean that every connection to Phplist is secure. What is needed here is to insure that no one can access the submit-by-mail pages with http. An http connection is guaranteed to result in that message. This can be done by editing the configuration file for your web server. If you are on a hosting service using cPanel, you can create the necessary edits through cPanel.

You must set up a redirect than redirects any http connection to an https connection. An even safer thing to do is to redirect any attempt at an http connection to a “Page Not Found,”

I hope this helps.

Arnold

On May 25, 2016, at 1:19 PM, codealot2 notifications@github.com wrote:

Hi, I'm trying to configure a list for submission by email, but I keep getting the error message 'You must have a secure connection (https) to access this page.' even though I am already using a secure https connection.

Thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/issues/13

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

arnoldle commented 8 years ago

Possibly. We test that there is a secure connection by looking a several items in the superglobal $_SERVER array. If these items are not set correctly for your server, it is quite possible that the connection will be seen as insecure even if you are loading the page with the https protocol. See lines 273 - 292 in the file submitByMail.php. This is not my code, really. I adapted it from the code found at stackoverflow.com; the relevant reference is given in the comments in the lines I have cited.

The problem would seem to be in how your particular PHP installation interacts with your web server.

Arnold

On Jun 5, 2016, at 2:18 PM, codealot2 notifications@github.com wrote:

Hi Arnoldle, Thanks very much for your reply. Do you mean that even though it shows https://gator3115.hostgator.com/~oneworldarts/lists/admin/?page=configure_a_list&pi=submitByMailPlugin&tk=30cdfded5cc63b8e4 in the address bar it still may not be a secure connection? Thanks again,Susan

From: arnoldle notifications@github.com To: arnoldle/phplist-plugin-submitByMailPlugin phplist-plugin-submitByMailPlugin@noreply.github.com Cc: codealot2 smintz9@yahoo.com; Author author@noreply.github.com Sent: Friday, May 27, 2016 1:45 PM Subject: Re: [arnoldle/phplist-plugin-submitByMailPlugin] Secure connection error (#13)

Hi,

You must make sure that in fact you are accessing the page with https and not http. Just because you have arranged for a proper certificate does not mean that every connection to Phplist is secure. What is needed here is to insure that no one can access the submit-by-mail pages with http. An http connection is guaranteed to result in that message. This can be done by editing the configuration file for your web server. If you are on a hosting service using cPanel, you can create the necessary edits through cPanel.

You must set up a redirect than redirects any http connection to an https connection. An even safer thing to do is to redirect any attempt at an http connection to a “Page Not Found,”

I hope this helps.

Arnold

On May 25, 2016, at 1:19 PM, codealot2 notifications@github.com wrote:

Hi, I'm trying to configure a list for submission by email, but I keep getting the error message 'You must have a secure connection (https) to access this page.' even though I am already using a secure https connection.

Thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/issues/13

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/issues/13#issuecomment-223831684, or mute the thread https://github.com/notifications/unsubscribe/AFqj-7YmKStWonCEZ3NiqcAY9DvVAiPUks5qIyETgaJpZM4Im0sg.

codealot2 commented 8 years ago

Thanks Arnoldle! I will check that out. I'm sorry for my delay in reply. Susan

  From: arnoldle <notifications@github.com>

To: arnoldle/phplist-plugin-submitByMailPlugin phplist-plugin-submitByMailPlugin@noreply.github.com Cc: codealot2 smintz9@yahoo.com; Author author@noreply.github.com Sent: Monday, June 6, 2016 4:03 PM Subject: Re: [arnoldle/phplist-plugin-submitByMailPlugin] Secure connection error (#13)

Possibly. We test that there is a secure connection by looking a several items in the superglobal $_SERVER array. If these items are not set correctly for your server, it is quite possible that the connection will be seen as insecure even if you are loading the page with the https protocol. See lines 273 - 292 in the file submitByMail.php. This is not my code, really. I adapted it from the code found at stackoverflow.com; the relevant reference is given in the comments in the lines I have cited.

The problem would seem to be in how your particular PHP installation interacts with your web server.

Arnold

On Jun 5, 2016, at 2:18 PM, codealot2 notifications@github.com wrote:

Hi Arnoldle, Thanks very much for your reply. Do you mean that even though it shows https://gator3115.hostgator.com/~oneworldarts/lists/admin/?page=configure_a_list&pi=submitByMailPlugin&tk=30cdfded5cc63b8e4 in the address bar it still may not be a secure connection? Thanks again,Susan

From: arnoldle notifications@github.com To: arnoldle/phplist-plugin-submitByMailPlugin phplist-plugin-submitByMailPlugin@noreply.github.com Cc: codealot2 smintz9@yahoo.com; Author author@noreply.github.com Sent: Friday, May 27, 2016 1:45 PM Subject: Re: [arnoldle/phplist-plugin-submitByMailPlugin] Secure connection error (#13)

Hi,

You must make sure that in fact you are accessing the page with https and not http. Just because you have arranged for a proper certificate does not mean that every connection to Phplist is secure. What is needed here is to insure that no one can access the submit-by-mail pages with http. An http connection is guaranteed to result in that message. This can be done by editing the configuration file for your web server. If you are on a hosting service using cPanel, you can create the necessary edits through cPanel.

You must set up a redirect than redirects any http connection to an https connection. An even safer thing to do is to redirect any attempt at an http connection to a “Page Not Found,”

I hope this helps.

Arnold

On May 25, 2016, at 1:19 PM, codealot2 notifications@github.com wrote:

Hi, I'm trying to configure a list for submission by email, but I keep getting the error message 'You must have a secure connection (https) to access this page.' even though I am already using a secure https connection.

Thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/issues/13

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/arnoldle/phplist-plugin-submitByMailPlugin/issues/13#issuecomment-223831684, or mute the thread https://github.com/notifications/unsubscribe/AFqj-7YmKStWonCEZ3NiqcAY9DvVAiPUks5qIyETgaJpZM4Im0sg.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.