WebFaction

Referring to:- http://community.webfaction.com/questions/875/the-recommended-way-for-securing-django-admin-with-sslhttps

Although I need to expand the https to the main site.

But I'm using Django-Registration. When a punter logs in every page shows Logged In. So not sure if somehow the entire site needs to be https secure if logged in but http if not logged in?

Given that I love the quote (paraphrased) - 'if you need Regular Expressions, now you've got two problems' I'd say the middleware solution seems much easier than making changes to httpd.conf (unless some blanket allURLs solution is appropriate). A Middleware approach discussed here:-

http://stackoverflow.com/questions/2799450/django-https-for-just-login-page Linking to this http://djangosnippets.org/snippets/85/

With a Webfaction specific version here http://www.djangosnippets.org/snippets/240/

Which has a link to this (from the last comment). Crikey. http://djangosnippets.org/snippets/1706/

So - If logged in should every page be https or is that overkill (and may slow the site down as well as potentially leading to people sending https links to their Social Media/email etc when perhaps not appropriate). Maybe only Secure pages which POST information? Best mechanism to do this? For a non Apache/Linux/Server expert.

Cheers

asked 02 Dec '10, 05:57

Parthian

edited 02 Dec '10, 09:35


The answer to the question "Which parts of my site need to be served via HTTPS?" isn't something we can really answer for you, at least not in specific terms.

In the most general terms, you need to use HTTPS whenever there is information that you want to protect, e.g.:

  • Forms that submit sensitive information should post to an HTTPS location
  • Pages that serve sensitive information should be served via HTTPS

So, figure out which parts of your site need to be served via HTTPS, and then make that happen.

I would avoid redirecting from HTTP to HTTPS via middleware whenever possible - it's more efficient to do that directly in Apache via mod_rewrite, regex-phobia notwithstanding :). There are countless examples and tutorials on the web to help you with that.

answered 02 Dec '10, 14:39

seanf ♦♦
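
An added example, not part of the original question or answer and not WebFaction's code: the rule from the answer above (HTTPS for pages and form targets that carry sensitive data) written as the kind of WSGI middleware the question links to, including the case where a form is posted over plain HTTP. The path prefixes, the `site` stand-in application, the `probe` helper and the `X-Forwarded-Proto` header name are assumptions made for the example.

```python
from wsgiref.util import request_uri, setup_testing_defaults

SECURE_PREFIXES = ("/accounts/", "/admin/")  # constructed; list your sensitive URLs


class RequireHTTPS:
    """WSGI middleware that forces HTTPS on selected path prefixes."""

    def __init__(self, app, prefixes=SECURE_PREFIXES, proxy_header=None):
        self.app = app
        self.prefixes = tuple(prefixes)
        # WSGI key of a scheme header set by a TLS-terminating front end
        # (assumption: e.g. "HTTP_X_FORWARDED_PROTO"). Leave None otherwise.
        self.proxy_header = proxy_header

    def is_secure(self, environ):
        if self.proxy_header:
            return environ.get(self.proxy_header, "").lower() == "https"
        return environ.get("wsgi.url_scheme") == "https"

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(self.prefixes) or self.is_secure(environ):
            return self.app(environ, start_response)
        if environ.get("REQUEST_METHOD") not in ("GET", "HEAD"):
            # The body already crossed the network in clear text; a redirect
            # cannot undo that, so refuse and fix the form's action URL.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Submit this form over HTTPS.\n"]
        target = "https://" + request_uri(environ).split("://", 1)[1]
        start_response("301 Moved Permanently", [("Location", target)])
        return [b""]


def site(environ, start_response):
    """Stand-in for the real application (constructed for the example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def probe(app, method, path, extra=None):
    """Send one constructed request through app; return (status, headers)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, **(extra or {})}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Set `proxy_header` only when the front end in front of the application always sets or strips that header; otherwise a client can send it and skip the redirect.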


question asked: 02 Dec '10, 05:57

question was seen: 4,163 times

last updated: 02 Dec '10, 14:39
