Enforce SSL/HTTPS on frontend
Make it possible to enforce https on the control-panel.
One possibility is through a .htaccess file (Apache-only):
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://ispconfig.domain.de/$1 [R,L]
A more elegant implementation might be through php. The implementation of Roundcube 0.8 beta in the index.php (force_https is set in config.inc.php):
// check if https is required (for login) and redirect if necessary if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) { $https_port = is_bool($force_https) ? 443 : $force_https; if (!rcube_https_check($https_port)) { $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $host .= ($https_port != 443 ? ':' . $https_port : ''); header('Location: https://' . $host . $_SERVER['REQUEST_URI']); exit; } }