MyBB

DavidS111 · 2018-07-14, 10:48 PM

I added MyBB to a secure website, but when I ran MyBB, the Browser showed an error icon instead of the lock icon. The problem was that I want to run MyBB with "www.example.com" instead of "https://www.example.com". I want life to be easy for my visitors.

Here is my solution:

1 added the following to the top-level .htaccess file:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com
RewriteRule ^(.*)$ https://www.example.com/forum/$1 [R,L]

I also commented out the following two lines:

    # Turn off mod_security filtering.
#ds    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
#ds    SecFilterScanPOST Off
</IfModule>

It seems to work okay.

Serpius · 2018-07-14, 11:06 PM

(2018-07-14, 10:48 PM)DavidS111 Wrote: I added MyBB to a secure website, but when I ran MyBB, the Browser showed an error icon instead of the lock icon. The problem was that I want to run MyBB with "www.example.com" instead of "https://www.example.com". I want life to be easy for my visitors.

Here is my solution:

1 added the following to the top-level .htaccess file:
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com
RewriteRule ^(.*)$ https://www.example.com/forum/$1 [R,L]
I also commented out the following two lines:
    # Turn off mod_security filtering.
#ds    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
#ds    SecFilterScanPOST Off
</IfModule>
It seems to work okay.

Here's how I have my .htaccess setup...

Top portion of my .htaccess file

SubstituteMaxLineLength 20M
LimitRequestBody 99999999999
SetEnv PHPRC /xxxxxxxx/xxxxxxxx/public_html/php.ini (2 folders intentionally X'd out)
#Always redirect to https://luxorforums.com/
RewriteEngine on

# Some hosts require RewriteBase to make RewriteRules work.
RewriteBase /

# Google SEO workaround for search.php highlights:
# Make this rule the first rewrite rule in your .htaccess!
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^([^&]*)&(.*)$ https://luxorforums.com/$1?$2 [L,QSA,R=301]

Bottom portion of my .htaccess file

<IfModule mod_security.c>
    # Turn off mod_security filtering.
    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
    SecFilterScanPOST Off
</IfModule>


#
# If Apache is compiled with built in mod_deflade/GZIP support
# then GZIP Javascript, CSS, HTML and XML so they're sent to
# the client faster.
#
<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/css text/html application/xhtml+xml text/xml application/xml text/plain text/x-component application/javascript application/x-javascript application/rss+xml application/atom+xml application/json application/manifest+json application/x-web-app-manifest+json application/vnd.ms-fontobject application/font-sfnt application/font-woff application/font-woff2 image/svg+xml image/x-icon
</IfModule>

# Note: You are able to choose a different name in the Admin CP. If you've done that you need to change it here too
<Files "error.log">
	Order Deny,Allow
	Deny from all
</Files>

When I do it this way... I can input any of the following ways and it still goes straight to my website.

http://luxorforums.com
https://luxorforums.com
http://www.luxorforums.com
https://www.luxorfourms.com
www.luxorforums.com
luxorforums.com

Any of those will work no matter how it's inputted in the browser URL box.

DavidS111 · 2018-07-14, 11:27 PM

You may not have noticed that my situation is different from yours. You seem to have a standalone forum. In my case, the forum is a subdirectory of an existing secure website, so I don't need to duplicate all the security directives. Otherwise, your directives seem very nice.

Login
Username:
Password:	Lost Password?
	Remember me