Thursday, March 15, 2012

Cacti: http to https

Though may not be required for most users to use Secured HTTP for their Cacti System, some may be required as a basic policy requirements especially for financial institutions. The simple PHP code below will redirect all http request to https, this is also the simplest method that will do the job compared to other methods that you may find on the web.

if ($_SERVER['SERVER_PORT']!=443)
$url = "https://". $_SERVER['SERVER_NAME'] . ":443".$_SERVER['REQUEST_URI'];
header("Location: $url");

The code came from this blog, and is made for IIS Web Server, but after giving it a try on Centos 5, my Cacti System, it works like a charm and is very easy to deploy.

So here is the tip on how to deploy in your Linux-Cacti Machine:

1.  Edit the index.php located on cacti's root folder

#cd /var/www/cacti
#vi index.php

    copy the PHP code above and insert it on the first line of index.php

2. Exit from vi saving the changes and restart httpd service

#service httpd restart

Open your cacti using http://your-server-ip/cacti, this will redirect you to https://your-server-ip/cacti and ask you to verify and confirm web certificate on the first use. Just proceed and complete the process and you are good to go.

The only one problem is, upon login on your cacti and pointing the browser directly to the webpage content like:  http://your-server-ip/cacti/plugins/devices/device.php, it will NOT redirect you to https://your-server-ip/cacti/plugins/devices/device.php, instead, the page will just open as a regular http.

A simple fix would be ......insert the PHP code on "device.php". Do this on your other pages as well.


  1. Dear Onon,
    Thanks for the post. I have one issue in my cacti server.

    We have squid firewall in all the braches. In one branch firewall 2 lan cards are there. One card for local and another card for ISP's. We are using 2 or 3 isp in 2nd lan card and configure as alies.
    In cacti, alias are not monitoring. What is the steps to monitoring the same.

    Please help me

    1. Hi Suresh, thanks for dropping by, as far as I know, cacti can only monitor interface traffic. Your option would be to monitor each of your router facing your every ISP.