10

I've just moved a Drupal to my localserver and I forgot to disable Secure Pages.

Now I cannot access admin pages, because the site switches to HTTPS.

How can I disable it?

kenorb
  • 155,785
  • 88
  • 678
  • 743
aneuryzm
  • 63,052
  • 100
  • 273
  • 488

6 Answers6

21

In your settings.php file:

$conf['securepages_enable'] = FALSE;

This will override the database setting.

In your sites/example.com/settings.php, leave this line out, and then it will use whatever value is in the database.

jwal
  • 7,290
  • 1
  • 21
  • 11
  • 1
    for some reason in IE10 the https redirect was cached in the browser! this solution worked for me, but IE10 wouldn't give up the redirect until I cleared IE's browser cache... – tmsimont Apr 30 '13 at 16:48
  • Any idea for newer versions of drupal? neither `$conf['securepages_enable']` nor `$conf['https']` seem to do anything (and I did clear cache in drupal, browser and restarted webserver to make sure it was reading config) – Kasapo Dec 17 '13 at 23:36
  • for future reference -- it was indeed another module (the LDAP module) controlling the HTTPS. I don't think i'm even using securepages. – Kasapo Dec 18 '13 at 19:05
  • Perfect solution. This could be the ACCEPTED ans. – Chandresh M Dec 27 '16 at 07:10
7

If you are using drush, you can keep the Secure Pages module enabled and just turn off the checkbox in the module's own config like:

drush vset securepages_enable 0

This will stop the redirect.

you can also change the URLs if you want, as follows, but the above is usually enough.

drush vset securepages_basepath http://nominet.dev
drush vset securepages_basepath_ssl http://nominet.dev

I'm running Drupal 7 btw, so YMMV, but seems to be a simple drush based solution following on from the above answer.

Al Power
  • 223
  • 1
  • 3
  • 7
5

The way I've done it without disabling the module is to use SQL to change the variable setting. First backup your database (in case you put a semicolon in the wrong place; scratch that, always back up your database before making changes on the command line) and then run the following SQL on your database:

UPDATE variable SET value = 's:1:"0";' WHERE name = 'securepages_enable';

Then:

DELETE FROM cache;
DELETE FROM cache_page;

You need those two lines in order to clear the cache, otherwise the variable might stick around for a while.

sillygwailo
  • 2,007
  • 16
  • 13
  • +1 I feel safer disabling a variable setting to turn off a feature rather than disabling a module through the db because of reasons listed above. – Mike Munroe Jun 22 '11 at 22:37
  • 2
    Since we live in the Drush era now, `drush -l yoursite.tld vset securepages_enable 0` should do the trick. `drush -l yoursite.tld cc all` just to be sure. – sillygwailo Sep 10 '13 at 17:36
2

I know this question is old and has been answered a few times, but there's another option that hasn't been suggested yet.

You could disable it completely:

// Disable SecurePages completely.
$conf['securepages_enable'] = FALSE;

and alter settings.php to enforce HTTPS depending on some context, e.g.:

if (isset($_SERVER['environment'] && $_SERVER['environment'] == 'staging')) {
  $conf['securepages_basepath'] = 'http://staging.example.com';
  $conf['securepages_basepath_ssl'] = 'https://staging.example.com';
} else if (isset($_SERVER['environment'] && $_SERVER['environment'] == 'production')) {
  $conf['securepages_basepath'] = 'http://www.example.com';
  $conf['securepages_basepath_ssl'] = 'https://www.example.com';
} else {
  // We're on dev or some other server instance where SSL isn't needed.
  $conf['securepages_enable'] = FALSE;
}

This is just an example, but it's been a helpful way for us to manage sites that exist on a dev server, a QA server, and a production server, where we want to track settings.php changes in version control without having to change things in each environment.

Charlie Schliesser
  • 7,851
  • 4
  • 46
  • 76
2

If you have Drush installed:

drush dis -y securepages
kenorb
  • 155,785
  • 88
  • 678
  • 743
Shaun Dychko
  • 825
  • 1
  • 9
  • 11
1

You can disable the module directly via the database. Just go into the system table, look for your module under the name column, and set the status field to zero.

anschauung
  • 3,697
  • 3
  • 24
  • 34
  • 1
    @Patrick: no. Some hooks may be called when certain modules are disabled that clean up or do other things, so only do this when you cannot disable them normally. – Andrew Sledge Dec 27 '10 at 18:34
  • 1
    @Patrick: It happens to be safe for this particular module. But, hook_disable() gets called when a module is disabled normally through the admin interface, so be sure to inspect the module for hook_disable before doing it like this. – anschauung Dec 28 '10 at 14:25
  • I have a similar issue -- i changed config for drupal to force SSL, but then remembered the server isn't configured. I don't feel like generating a self-signed or getting a cert and setting that up right now, so anyone know how disable this -- either in DB or Config file -- other than what's been suggested (which doesn't work)? – Kasapo Dec 17 '13 at 23:40
  • @Kasapo: If you've followed the instructions above, then securepages is definitely disabled. You might have another issue at hand (something on your Apache config maybe?). You should post a new question so that folks can help. – anschauung Dec 18 '13 at 14:55
  • I realize this is tagged drupal6, but I have drupal7 and I think that the "securepages" module existed in 6 but may have been moved to core in 7?? As far as I know, I don't have a standalone securepages module. However I am using the LDAP module, and it appears the setting was actually in there. Luckily I have a multisite installation and while I can't log in to one site, I found I was still logged in as admin on the other site, so I was able to get to settings and turn it off. Thanks for the help! I bet there's a setting in the `variable` table for LDAP stuff to turn it off too... – Kasapo Dec 18 '13 at 19:04