Sorry for bringing this up again as a new topic, but I finally managed to find where the problem is.

Although my website has the appropriate certificates and the LimeSurvey (Version 2.72.5+171121) has been installed in "https://.../limesurvey/" directory, the application does not work properly when "Force HTTPS" is on: the buttons "Save" and "Save & Close" in editing/adding a question do not respond. Also, the notifications do not work and when a database backup is requested, the application "hangs" (a "Waiting server response" message appears and the download is never completed).

Experiments have shown, however, that when the URL of the questionnaire is distributed as "https", the data is recorded normally and (rather) without problems.

Shouldn't, neverhteless, LimeSurvey work with https protocol? Are there some server setting I should ask for?

Older versions of LimeSurvey, like 1.95 and 2.05, did not have such problems (at least not on my server).

Please note that the installation of Joomla on my website works without problems with the https protocol.

Thanks

we use https without problem on our SAAS, so I'd say it's a server configuration problem on your side.

Thanks for your response. My administrator says that searching into the log files, some connection time outs were found and she increased the timeout limits of php (ver. 5.6). However, the problem was not solved and she insists that this is an application problem.

I am not sure whether the information in the attachment could help. It is found in the error_log file on my server, after I tried to add a new question and ended up with the LimeSurvey behaviour described in my first message.

This "user.ini" file is in the httpdocs directory where joomla is installed in that directory, the limesurvey directory is also found. The lines 30-36 of the user.ini file are the following:

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]

Could this be related with the problem? Would it be safe to comment out it?

Well, just insist toward your administrator: we're using SSL for hundreds of installations here without problems.

So, I guess there is no way to establish which settings might prevent the operation of LimeSurvey under the https protocol?

yes there is:
www.limesurvey.org/forum/installation-a-...ity-force-https-long

code:
github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127

default:
github.com/LimeSurvey/LimeSurvey/blob/ma...ig-defaults.php#L487

Update your config.php file if you want to change its value.

baltzis wrote: # Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
Could this be related with the problem? Would it be safe to comment out it?

You can comment that line out to see if it have any impact on LimeSurvey.
Depending on your webserver setup, you can apply such settings folderwise.
That way you keep the URL-rewriting for Joomla and keep LimeSurvey free of the URL-modification.
Since the complete user.ini is applied on your LimeSurvey installation you might post the complete user.ini.

Without getting the complete webserver configuration there might be other things which interfere with LimeSurvey.

It did not occur to me that this might be a problem and I don't know how to apply these setting folderwise (or should I say "excluding a certain folder"). Anyway, this is the complete ".user.ini" file. Thanks.


##
# @package Joomla
# @copyright Copyright (C) 2005 - 2016 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your
# server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##

## No directory listings
IndexIgnore *

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I am sorry for my ignorance (I am not a specialist), but I am not sure what I should do with the code provided at

github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127

Where did you install Limesurvey in the webroot? You should make sure, that Joomla and LimeSurvey are separated. The user.ini contents are part of the typical Joomla-installation and should only be applied to Joomla. The whole webspace seems to be optimized to a single Joomla-installation.
Depending on your hosting you might can get a separate installation via a subdomain (e.g. limesurvey.yourdomain.tld.). The other option would be to move Joomla in a subdirectory. That would allow you to install more than one webapplication side by side without having issues with rewriting rules.

I see. Joomla is installed in my root directory (httpdocs), because it is installed as my main web page (web site baltzis.webpages.auth.gr ). Within this directory, LimeSurvey is installed in the subdirectory "limesurvey" ( baltzis.webpages.auth.gr/limesurvey ). The problem then occurs because of this structure of my root directory?

httpdocs/
---/limesurvey

Thanks