Hi,

In my Admincp -> Settings -> Options -> Site Name / URL / ....
I have both 'Forum URL' and 'Homepage URL' beginning with http://

So if I click on a https:// link within my vbulletin site it goes to the secure vBulletin link but it says 'Connection Partiality Encrypted'.

If I change both 'Forum URL' and 'Homepage URL' to begin with https://

It works, but the whole site is now SSL, which I don't want.

Is there a mod for this or can someone explain how to get this to work.

I am in need of the same solution. Hopefully someone responds.

I hope someone who really knows about this can also help. I have a vbulletin 4.1.1 site that I'd like to be able to encrypt (such as when on a public network). But I don't want to lock into having everything https, that negatively affects performance.

I have figured out a partial solution:


in AdminCP under Options, Site Name/URL/Contact Details, there is an option to say No to the option "Always use Forum URL as Base Path"...
Also under "Forum URL", if you make that https, and also the "Homepage URL" (which only affects the footer link)...You end up with the site being accessible under either http or https. Navigating within your forum is catch-as-catch can - some links will take you to an https page, some will revert to http. There doesn't seem to be much rhyme or reason to how that works. My guess is you'd have to go through every template and look for links, then switch them to relative. Even that might not take care of every element in the forum.

And in https you'll get annoying warnings from your browser since encrypted pages will have unencrypted elements in them (all of them, I think).

But by doing this, at least you'll be able to access the site and log in using https or http.

Imo using https on a forum is overkill unless you are on a public WLAN (say Starbucks or Panera Bread) that's capable of being snooped.
And I think the primary security issue is the username password. If you start out with https, that will be encrypted. So even if you then go unencrypted after login for the rest of your session, your password (I think) is secure. Only the content you are reading could be snooped. Btw, I am NOT stating facts, just an educated guess. Anyone out there want to confirm this?

Problem is within core code of vBulletin and this disappoints me very much as much as I pay for vBulletin CMS and everything.

You should not be using https on pages that don't need it because performance takes a hit under HTTPS because the pages are encrypted before sending, and depending on the type of SSL you use, that can be significant.

I prefer that SSL be used ONLY on login, registration, account edit, password change, etc or if you are running a cart like Greystoke's oscCart.

As is, when I get ready to release my script, I am going to be forced to pay several hundred more to get vBulletin modified to do what I want, which is going to hurt upgradability.

Don't even bother telling me it can't be done, because that's how it works on Zencart.

Can I get paid to do that? A few checks in a plugin can easily redirect users to the right pages. I can't imagine it taking more than a hour or two for a seasoned coder.