- Posts: 103
- Thank you received: 4
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
HTTPS problems
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
6 years 4 months ago #161298
by baltzis
HTTPS problems was created by baltzis
Sorry for bringing this up again as a new topic, but I finally managed to find where the problem is.
Although my website has the appropriate certificates and the LimeSurvey (Version 2.72.5+171121) has been installed in "https://.../limesurvey/" directory, the application does not work properly when "Force HTTPS" is on: the buttons "Save" and "Save & Close" in editing/adding a question do not respond. Also, the notifications do not work and when a database backup is requested, the application "hangs" (a "Waiting server response" message appears and the download is never completed).
Experiments have shown, however, that when the URL of the questionnaire is distributed as "https", the data is recorded normally and (rather) without problems.
Shouldn't, neverhteless, LimeSurvey work with https protocol? Are there some server setting I should ask for?
Older versions of LimeSurvey, like 1.95 and 2.05, did not have such problems (at least not on my server).
Please note that the installation of Joomla on my website works without problems with the https protocol.
Thanks
Although my website has the appropriate certificates and the LimeSurvey (Version 2.72.5+171121) has been installed in "https://.../limesurvey/" directory, the application does not work properly when "Force HTTPS" is on: the buttons "Save" and "Save & Close" in editing/adding a question do not respond. Also, the notifications do not work and when a database backup is requested, the application "hangs" (a "Waiting server response" message appears and the download is never completed).
Experiments have shown, however, that when the URL of the questionnaire is distributed as "https", the data is recorded normally and (rather) without problems.
Shouldn't, neverhteless, LimeSurvey work with https protocol? Are there some server setting I should ask for?
Older versions of LimeSurvey, like 1.95 and 2.05, did not have such problems (at least not on my server).
Please note that the installation of Joomla on my website works without problems with the https protocol.
Thanks
The topic has been locked.
- LouisGac
- Visitor
6 years 4 months ago #161300
by LouisGac
Replied by LouisGac on topic HTTPS problems
we use https without problem on our SAAS, so I'd say it's a server configuration problem on your side.
The topic has been locked.
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 103
- Thank you received: 4
6 years 4 months ago #161331
by baltzis
Replied by baltzis on topic HTTPS problems
Thanks for your response. My administrator says that searching into the log files, some connection time outs were found and she increased the timeout limits of php (ver. 5.6). However, the problem was not solved and she insists that this is an application problem.
The topic has been locked.
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 103
- Thank you received: 4
6 years 4 months ago #161332
by baltzis
Replied by baltzis on topic HTTPS problems
I am not sure whether the information in the attachment could help. It is found in the error_log file on my server, after I tried to add a new question and ended up with the LimeSurvey behaviour described in my first message.
This "user.ini" file is in the httpdocs directory where joomla is installed in that directory, the limesurvey directory is also found. The lines 30-36 of the user.ini file are the following:
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
Could this be related with the problem? Would it be safe to comment out it?
This "user.ini" file is in the httpdocs directory where joomla is installed in that directory, the limesurvey directory is also found. The lines 30-36 of the user.ini file are the following:
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
Could this be related with the problem? Would it be safe to comment out it?
Attachments:
The topic has been locked.
- LouisGac
- Visitor
6 years 4 months ago #161333
by LouisGac
Replied by LouisGac on topic HTTPS problems
Well, just insist toward your administrator: we're using SSL for hundreds of installations here without problems.
The topic has been locked.
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 103
- Thank you received: 4
6 years 4 months ago #161339
by baltzis
Replied by baltzis on topic HTTPS problems
So, I guess there is no way to establish which settings might prevent the operation of LimeSurvey under the https protocol?
The topic has been locked.
- LouisGac
- Visitor
6 years 4 months ago #161340
by LouisGac
Replied by LouisGac on topic HTTPS problems
yes there is:
www.limesurvey.org/forum/installation-a-...ity-force-https-long
code:
github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127
default:
github.com/LimeSurvey/LimeSurvey/blob/ma...ig-defaults.php#L487
Update your config.php file if you want to change its value.
www.limesurvey.org/forum/installation-a-...ity-force-https-long
code:
github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127
default:
github.com/LimeSurvey/LimeSurvey/blob/ma...ig-defaults.php#L487
Update your config.php file if you want to change its value.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
6 years 4 months ago #161354
by jelo
Depending on your webserver setup, you can apply such settings folderwise.
That way you keep the URL-rewriting for Joomla and keep LimeSurvey free of the URL-modification.
Since the complete user.ini is applied on your LimeSurvey installation you might post the complete user.ini.
Without getting the complete webserver configuration there might be other things which interfere with LimeSurvey.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic HTTPS problems
You can comment that line out to see if it have any impact on LimeSurvey.baltzis wrote: # Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
Could this be related with the problem? Would it be safe to comment out it?
Depending on your webserver setup, you can apply such settings folderwise.
That way you keep the URL-rewriting for Joomla and keep LimeSurvey free of the URL-modification.
Since the complete user.ini is applied on your LimeSurvey installation you might post the complete user.ini.
Without getting the complete webserver configuration there might be other things which interfere with LimeSurvey.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 103
- Thank you received: 4
6 years 4 months ago #161392
by baltzis
Replied by baltzis on topic HTTPS problems
It did not occur to me that this might be a problem and I don't know how to apply these setting folderwise (or should I say "excluding a certain folder"). Anyway, this is the complete ".user.ini" file. Thanks.
##
# @package Joomla
# @copyright Copyright (C) 2005 - 2016 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your
# server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##
## No directory listings
IndexIgnore *
## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
##
# @package Joomla
# @copyright Copyright (C) 2005 - 2016 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your
# server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##
## No directory listings
IndexIgnore *
## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The topic has been locked.
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 103
- Thank you received: 4
6 years 4 months ago #161394
by baltzis
Replied by baltzis on topic HTTPS problems
I am sorry for my ignorance (I am not a specialist), but I am not sure what I should do with the code provided at
github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127
github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
6 years 4 months ago #161402
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic HTTPS problems
Where did you install Limesurvey in the webroot? You should make sure, that Joomla and LimeSurvey are separated. The user.ini contents are part of the typical Joomla-installation and should only be applied to Joomla. The whole webspace seems to be optimized to a single Joomla-installation.
Depending on your hosting you might can get a separate installation via a subdomain (e.g. limesurvey.yourdomain.tld.). The other option would be to move Joomla in a subdirectory. That would allow you to install more than one webapplication side by side without having issues with rewriting rules.
Depending on your hosting you might can get a separate installation via a subdomain (e.g. limesurvey.yourdomain.tld.). The other option would be to move Joomla in a subdirectory. That would allow you to install more than one webapplication side by side without having issues with rewriting rules.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- baltzis
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 103
- Thank you received: 4
6 years 4 months ago #161412
by baltzis
Replied by baltzis on topic HTTPS problems
I see. Joomla is installed in my root directory (httpdocs), because it is installed as my main web page (web site
baltzis.webpages.auth.gr
). Within this directory, LimeSurvey is installed in the subdirectory "limesurvey" (
baltzis.webpages.auth.gr/limesurvey
). The problem then occurs because of this structure of my root directory?
httpdocs/
---/limesurvey
Thanks
httpdocs/
---/limesurvey
Thanks
The topic has been locked.