HTTPS problems

More
8 months 2 weeks ago #161298 by baltzis
baltzis created the topic: HTTPS problems
Sorry for bringing this up again as a new topic, but I finally managed to find where the problem is.

Although my website has the appropriate certificates and the LimeSurvey (Version 2.72.5+171121) has been installed in "https://.../limesurvey/" directory, the application does not work properly when "Force HTTPS" is on: the buttons "Save" and "Save & Close" in editing/adding a question do not respond. Also, the notifications do not work and when a database backup is requested, the application "hangs" (a "Waiting server response" message appears and the download is never completed).

Experiments have shown, however, that when the URL of the questionnaire is distributed as "https", the data is recorded normally and (rather) without problems.

Shouldn't, neverhteless, LimeSurvey work with https protocol? Are there some server setting I should ask for?

Older versions of LimeSurvey, like 1.95 and 2.05, did not have such problems (at least not on my server).

Please note that the installation of Joomla on my website works without problems with the https protocol.

Thanks

Please Log in or Create an account to join the conversation.

More
8 months 2 weeks ago #161300 by LouisGac
LouisGac replied the topic: HTTPS problems
we use https without problem on our SAAS, so I'd say it's a server configuration problem on your side.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161331 by baltzis
baltzis replied the topic: HTTPS problems
Thanks for your response. My administrator says that searching into the log files, some connection time outs were found and she increased the timeout limits of php (ver. 5.6). However, the problem was not solved and she insists that this is an application problem.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161332 by baltzis
baltzis replied the topic: HTTPS problems
I am not sure whether the information in the attachment could help. It is found in the error_log file on my server, after I tried to add a new question and ended up with the LimeSurvey behaviour described in my first message.

This "user.ini" file is in the httpdocs directory where joomla is installed in that directory, the limesurvey directory is also found. The lines 30-36 of the user.ini file are the following:

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]

Could this be related with the problem? Would it be safe to comment out it?

File Attachment:

File Name: error_log.txt
File Size:4 KB
Attachments:

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161333 by LouisGac
LouisGac replied the topic: HTTPS problems
Well, just insist toward your administrator: we're using SSL for hundreds of installations here without problems.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161339 by baltzis
baltzis replied the topic: HTTPS problems
So, I guess there is no way to establish which settings might prevent the operation of LimeSurvey under the https protocol?

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161340 by LouisGac
LouisGac replied the topic: HTTPS problems

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161354 by jelo
jelo replied the topic: HTTPS problems

baltzis wrote: # Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
Could this be related with the problem? Would it be safe to comment out it?

You can comment that line out to see if it have any impact on LimeSurvey.
Depending on your webserver setup, you can apply such settings folderwise.
That way you keep the URL-rewriting for Joomla and keep LimeSurvey free of the URL-modification.
Since the complete user.ini is applied on your LimeSurvey installation you might post the complete user.ini.

Without getting the complete webserver configuration there might be other things which interfere with LimeSurvey.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161392 by baltzis
baltzis replied the topic: HTTPS problems
It did not occur to me that this might be a problem and I don't know how to apply these setting folderwise (or should I say "excluding a certain folder"). Anyway, this is the complete ".user.ini" file. Thanks.


##
# @package Joomla
# @copyright Copyright (C) 2005 - 2016 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your
# server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##

## No directory listings
IndexIgnore *

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161394 by baltzis
baltzis replied the topic: HTTPS problems
I am sorry for my ignorance (I am not a specialist), but I am not sure what I should do with the code provided at

github.com/LimeSurvey/LimeSurvey/blob/ma...lper.php#L4100-L4127

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161402 by jelo
jelo replied the topic: HTTPS problems
Where did you install Limesurvey in the webroot? You should make sure, that Joomla and LimeSurvey are separated. The user.ini contents are part of the typical Joomla-installation and should only be applied to Joomla. The whole webspace seems to be optimized to a single Joomla-installation.
Depending on your hosting you might can get a separate installation via a subdomain (e.g. limesurvey.yourdomain.tld.). The other option would be to move Joomla in a subdirectory. That would allow you to install more than one webapplication side by side without having issues with rewriting rules.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161412 by baltzis
baltzis replied the topic: HTTPS problems
I see. Joomla is installed in my root directory (httpdocs), because it is installed as my main web page (web site baltzis.webpages.auth.gr ). Within this directory, LimeSurvey is installed in the subdirectory "limesurvey" ( baltzis.webpages.auth.gr/limesurvey ). The problem then occurs because of this structure of my root directory?

httpdocs/
---/limesurvey

Thanks

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161425 by jelo
jelo replied the topic: HTTPS problems

baltzis wrote: The problem then occurs because of this structure of my root directory?

Since Limesurvey and Joomla are doing operations on the URL, it is not the recommend to install them inside each other.
That way settings/rules inside user.ini are applied to parts which they are not made for.
If you only have one webspace, you better put every webapplication in a subdirectory.

webroot
-limesurvey
-joomla

In every subdirectory settings/rule can be applied via .user.ini/.htaccess etc.

I use different webspaces or subdomains to separate webapplications. That keeps the customization to a minimum.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #161427 by baltzis
baltzis replied the topic: HTTPS problems
Thank you so much. I will consult with my administrator, conduct some experiments and come back if necessary or let you know whether this resolves the https problem.

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!