Deku-shrub
Member
Posted 3 months ago #
Hi there
I'm trying to secure admin access to our multi domain mapped wordpress installation.
The current workflow is that a users logs in at:
http://site.userdomain.tld/wp-admin/
then gets 301 redirected to:
http://wordpress.our_ssl_enabled_domain.tld/wp-admin/userdomain/
They then end up at their user dashboard which is good.
I've added support for https://wordpress.our_ssl_enabled_domain.tld/, so with a htaccess rule, can redirect like so:
# if you're not on the SSL enabled domain
RewriteCond %{HTTP_HOST} !^wordpress\.our_ssl_enabled_domain\.tld
# and you try to access the admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin
# go to the ssl enabled admin path
RewriteRule ^(.*)$ https://wordpress.our_ssl_enabled_domain.tld/wp-login.php [R=301,L]
This method loses the /userdomain/ variable as that needs to be given by this plugin so the user no longer ends up at their custom dashboard which is no good.
It's not acceptable to have the user login over plain text at http://site.userdomain/wp-admin/ then get redirected back to https://wordpress.our_ssl_enabled_domain.tld/wp-admin/userdomain/ ask the login credentials have already passed in plain text over the wire.
Can you suggest how to handle this please?
http://wordpress.org/extend/plugins/wordpress-mu-domain-mapping/
Try changing the last 3 lines to
`
RewriteCond %{REQUEST_URI} (^.*/)wp-admin
# go to the ssl enabled admin path
RewriteRule ^(.*)$ https://wordpress.our_ssl_enabled_domain.tld/%1wp-login.php [R=301,L]
Deku-shrub
Member
Posted 3 months ago #
After login that sends me to:
http://wordpress.our_ssl_enabled_domain.tld/site.userdomain.tld which 404s
I need to pass through the domain subfolder some how which doesn't appear to be available via simple .htaccess manipulation since it comes out of wordpress.
The url logins should happen at I believe should be:
https://wordpress.our_ssl_enabled_domain.tld/wp-login.php?redirect_to=https://wordpress.our_ssl_enabled_domain.tld/wp-admin/userdomain/
Apache doesn't see /userdomain/ so doesn't know to send me there. I suspect only same-domain login is currently supported by the plugin if one wishes to retain the site-specific dashboard page.
You might also have to filter the login redirect url.
Deku-shrub
Member
Posted 3 months ago #
Deku-shrub
Member
Posted 3 months ago #
Yes sorry, the second url, that's where I need to end up.
Check you DM settings to see that you want the original site admin area.
Deku-shrub
Member
Posted 3 months ago #
Yes, I've enabled that, but by the time I'm forwarded to https://wordpress.our_ssl_enabled_domain.tld/wp-admin/ the original domain name has been lost from the url.
Logging in at http://site.userdomain.tld/wp-admin/ works appropriately but isn't secure.
You might also have to filter the login redirect url to provide the login page with the correct URL to redirect to.
Deku-shrub
Member
Posted 2 months ago #
That's the issue! I don't have the correct url the /sitename/ is not in the url. The basic non-ssl implementation requires (plain text) login and gets that bit of the url on logging in.
There's no way of ending up at the correct url just using .htaccess rules IMO, there needs to be some code support.
Deku-shrub
Member
Posted 2 months ago #
... sorted it out? No, I'm saying the multi domain plugin doesn't support central SSL.
Quote to implement support?
sorted it out? No, I'm saying the multi domain plugin doesn't support central SSL.
Resolved as far as what you need to do to correct the issue. I was still attempting to help you figure out what was wrong even though it's not an issue directly related to the DM plugin itself.
Quote to implement support?
I work full time and do not take any side projects.
Deku-shrub
Member
Posted 2 months ago #
I'm just looking for the magic words 'this functionality is not supported' so that I can get dev time or budget to fix the issue internally rather than it being something I can fix with configuration alone.
I can do that for you - the functionality you are trying to implement is not included/supported.
