Secure Cookies in Horde (Wednesday, September 10th, 2008) |
There was some recent rumbling on Slashdot about secure cookies, and I decided to check my own webmail sites. Lo and behold, they weren't setting secure cookies. If you run Horde on HTTPS, you should configure Apache to make it completely inaccessible over HTTP. The simplest way of doing this is to set up a virtual host for HTTP that doesn't point to Horde, but instead does a redirect to the HTTPS site. For example:
Once that's taken care of, there's one more step: you need to configure Horde not to allow HTTP connections. This is safe, because you've already set up your web server not to allow HTTP connections anyway (any HTTP connections get redirected to HTTPS without touching Horde first). To do this, log
into Horde as an Administrator, and go to Horde Setup. Under “General
Horde Settings”, where it says
“ Hope this helps! |
Themes |
Random Quote |
“Like almost everyone, I receive a lot of spam every day, much
of it offering to help me get out of debt or get rich quick. It's
ridiculous.”
- Bill Gates |