there’s no place like code

Force HTTPS conn­ection for

Originally posted at saji-codes tumblr.

Update: this recipe is deprecated; allegro does not allow to view all pages via anymore and just redirects to plain http.

With starting to use WiFi on my new laptop I stareted to be a little paranoid. I was forcing https connections for some sites with NoScript. While it works great for sites that has http and https set on the same domain (,,, it did not for (polish auctions portal).

Allegro uses for signing-in, sets non-secure cookie there and redirects to allowing session hijacking. But whole content is available via

At first I tried to use Force encryption for all the cookies set over HTTPS.. feature of NoScript, but it did not work — after logging in via https (and setting some secure cookies), I was logged in in http as well.

Maybe is setting non-secure cookies on http basing on GET attributes? I really don’t want to know. I just had to make sure that I never, ever visit via http.

The recepie

You will need root access to computer you are using.

Kill the original

We don’t want to reach Ever. So why not just redirect the trafic to localhost? Add this to your /etc/hosts:

Redirect traffic to

While we grabbed the traffic we might as well redirect it to ssl host. Create new virtual host in apache:

<VirtualHost *:80>
    ServerName ""
    ServerAlias ""

    RewriteEngline On
    # prevent redirect loop after signing-in
    RewriteRule ^/direct_login.php [L,R,NE]
    RewriteRule ^/?(.*)     $1 [L,R,NE]

And voilà. You can modify it to use with other sites as well. A pity that does not serve all it’s content via some https…

And for that matter.