Ticket #1484764 (assigned Feature Requests)
Can not enable SSL just for the login page
| Reported by: | jnordstrom | Owned by: | till |
|---|---|---|---|
| Priority: | 10 | Milestone: | 0.2-stable |
| Component: | Other | Version: | 0.1-rc2 |
| Severity: | minor | Keywords: | |
| Cc: |
Description
I am using an apache reverse proxy as an SSL termination point. In order for apache to redirect the user's browser to HTTPS for login the apache server needs to be notified that the user is viewing a login page. This is usually accomplished by the application issuing a redirect to /login when the user is not authenticated or a user's session has expired, unfortunately roundcube does an internal forward as a result apache has no knowledge the user is seeing the login page and is unable to enable HTTPS. This issue will also apply to other security systems and SSL termination products. Using SSL for all communication is way to expensive. Moving to a REST based URL structure might resolve the issue.
