Search code examples
sslhttpsjoomlajoomla2.5

Joomla does not properly force ssl

Current situation

  • I've got an old installation of joomla 2.5.28 (blauwelint.nl).
  • There is a ssl-certificate installed from LetsEncrypt, works like it should.
  • Force SSL is set to entire site in Joomla settings

  • Added the following to htaccess to force www:

    RewriteCond %{HTTP_HOST} ^domain.nl [NC]
RewriteRule ^(.*)$ https://www.domain.nl/$1 [L,R=301,NC]

https://domain.nl works without errors

Expected behaviour: always force https

Actual behaviour In a fresh browser it appears also possible to open the site with just http://, regardles of the fact that force ssl is set.

Question I want https to be forced always, but can't figure out why expected behaviour isnt followed.

Solution

  • I generally do not use the Joomla setting and just use .htaccess rules. If you turn off force SSL in Joomla, you can use the following to force https and www:

    RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.blauwelint.\nl$ [NC]
RewriteRule ^(.*)$ https://www.blauwelint.nl/$1 [L,R=301]

    EDIT: Also, be careful sharing your Joomla version and domain. Support for 2.5.x has ended.