Force SSL in osTicket without htaccess changes

Published: 22 December 2014

For many cloud hosting mechanisms, traditional SSL redirects using the htaccess file do not work.

CMSs such as Concrete5 and Joomla! get round this by having "Force SSL" options which cause the redirect from within the CMS itself.

osTicket, however, doesn't have such a setting (in the 1.9.4 version which was current at the time of writing this knowledgebase article). Note that it does have the capability to force the SQL server to use SSL for connection, it is just forcing of the published site to use SSL which is not there.

If you want to use SSL, this can be effected by simply adding the following highlighted lines in the file "ost-config.php" (which is located in the osTicket "include" sub-directory)

# define('ROOT_PATH', '/support/');
/* CUSTOM CODE START */
// If page requires SSL (forced true here), and we're not in SSL mode, 
// redirect to the SSL version of the page
if($_SERVER['SERVER_PORT'] != 443) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
/* CUSTOM CODE END */
#Disable direct access.