Elgg 2.3.10
I've been trying to make my site https secure this evening... and (unsuccessfully) "playing" with my .htaccess file. The result of this has been the site isn't rendering correctly and although it's become https, Firefox is grumbling that "parts of the pages are not secure (e.g. images)".
Well I'm taking a rest from that for now...
BUT now I seem to be able to access all parts of the site (when .htaccess back to original) with the Log in request still showing on every page!
That's weird.
Any advice?
Have a good weekend, All,
Striver
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raúl Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Striver@Striver
- iionly@iionly
I have resolved these problems by reinstalling Elgg and ticking the "Restrict pages to logged in users" box on the Admin > Configure > Settings > Advanced Settings page.
Striver
By default, logged-out users can view a lot of pages. But it depends on the access level set for content what they can actually see on these pages. By default, the "public" access level is pre-selected when posting some content. You can change the default access level in the advanced site settings in the admin area (e.g. change to logged-in users). The users could still select a different access level then (but most won't do so if they don't have some reason to, like selecting "friends-only"). Any content with an access level different than "public" will not be visible to users who are not logged in, even if they can access, for example, the list pages.
The option "Restrict pages to logged in users" makes your site a so-called walled garden site. This means that, independently of the content-specific access level, access to the whole pages is restricted to logged-in users (with some exceptions like the registration, login, lostpassword and external site pages). Even if a content item would have a "public" access level, the whole page where this content item would be displayed is then blocked from anonymous visitors.