*Title: SSL Zones. *Incentive: It might be needed to force access over SSL to certain site parts. Such parts are called "SSL zones". *Documentation: SSL zone might be: 1. a content subtree (content SSL zone); 2. a module view. In the first case all the operations (viewing, editing, creating child nodes) on nodes belonging to the subtree are done over SSL. When a user leaves an SSL zone (i.e. when he/she is accessing a subtree or module view that does not belong to any SSL zone), the user is automatically switched back to plain HTTP (without SSL). *Configuration: By default, plain HTTP access mode is used. You can override certain access mode on per-view basis. Views access mode is not overriden for can choose the appropriate access mode on per-subtree basis. Sample configuration: ### site.ini.append ################################################### [SiteSettings] SSLPort=8443 [SSLZoneSettings] # Enable/disable the SSL zones functionality. SSLZones=enabled # Content subtrees we must use SSL for. # (currently, only content/view and content/edit respect this setting) SSLSubtrees[] SSLSubtrees[]=/news SSLSubtrees[]=/polls # Default access mode is plain HTTP. # Define a view as 'ssl' to force HTTPS access mode for this view. # If a view is defined as 'keep' then access mode is unknown # for this view, and the previous access mode is kept. ModuleViewAccessMode[shop/add]=ssl ModuleViewAccessMode[shop/basket]=ssl ModuleViewAccessMode[content/*]=keep ####################################################################### "content/*" means all the views in module 'content'. *Logic: Before module run, the system looks at "ModuleViewAccessMode" setting to decide whether it should switch access mode. If a module/view is either not mentioned there or defined as 'ssl' then access mode switch occurs. Otherwise, if a module/view is defined as 'keep', the view may switch access mode on per-subtree basis, just like content/view and content/edit do. If it's not possible to determine the right access mode before module run (=when view is defined as 'keep'), and the view does not handle content SSL zones (SSL subtrees) itself, mode switch does not occur. *Implementation details: Check if a module/view should cause access mode switch is done in index.php by calling eZSSLZone::checkModuleView(). Checks if a given object/node belongs to a content SSL zone (SSLSubtree) are done by calling checkNode/checkNodeID/checkNodePath/checkObject method of class eZSSLZone from a view. In order to add support for content SSL zones to your view, you should define the view as 'keep' in "ModuleViewAccessMode" setting and add something like this just after parsing module parameters: // Check if we should switch access mode (http/http) for this node. include_once( 'kernel/classes/ezsslzone.php' ); eZSSLZone::checkNodeID( '', '', $NodeID ); For mode details, look at public methods in ezsslzone.php. *Known limitations: It's not possible to switch acess mode for views that accept parameters by POST method (e.g. content/action). Moreover, such views will not work with SSLZones=enabled at all, unless you mark them as 'keep' in ModuleViewAccessMode setting.