Enforce SSL/HTTPS on frontend
Make it possible to enforce https on the control-panel.
One possibility is through a .htaccess file (Apache-only):
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://ispconfig.domain.de/$1 [R,L]
A more elegant implementation might be through php. The implementation of Roundcube 0.8 beta in the index.php (force_https is set in config.inc.php):
// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
https_port = is_bool(
force_https) ? 443 : $force_https;
if (!rcube_https_check($https_port)) {
host = preg_replace('/:[0-9]+
/', '', $_SERVER['HTTP_HOST']);
host .= (
https_port != 443 ? ':' . $https_port : '');
header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
exit;
}
}