diff options
| author | mattpiwik <matthieu.aubry@gmail.com> | 2012-02-12 07:21:33 +0400 |
|---|---|---|
| committer | mattpiwik <matthieu.aubry@gmail.com> | 2012-02-12 07:21:33 +0400 |
| commit | 79809cc8fb1559ab2df5377a4a887a5075dd2de1 (patch) | |
| tree | 960b083fc6d03e7671b27fdf8741983b3ef1cd42 /config | |
| parent | 2a9348ca16cfe1e893136d706c67191ae47e90cb (diff) | |
Fixes #2918
* Adding new setting force_ssl that will automatically redirect all http:// requests to the https:// equivalent. This ensures better security for the piwik server, since the token_auth is often found in the response body or in the GET parameters.
git-svn-id: http://dev.piwik.org/svn/trunk@5815 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'config')
| -rw-r--r-- | config/global.ini.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index fc3ddb1963..7e5ef14a51 100644 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -164,6 +164,12 @@ session_save_handler = files ; If set to 1, Piwik redirects the login form to use a secure connection (i.e., https). force_ssl_login = 0 +; If set to 1, Piwik will automatically redirect all http:// requests to https:// +; If SSL / https is not correctly configured on the server, this will break Piwik +; If you set this to 1, and your SSL configuration breaks later on, you can always edit this back to 0 +; it is recommended for security reasons to always use Piwik over https +force_ssl = 1 + ; login cookie name login_cookie_name = piwik_auth |