Force HTTP-HTTPS with Apache
|
Author | Content |
---|---|
questioner Aug 09, 2006 2:37 PM EDT |
hi guys, Im trying to find a way to make it so that if someone types in Http://www.example.com they get an error saying they need Https:// Right now someone could type either http or https and get the site. |
herzeleid Aug 09, 2006 2:46 PM EDT |
Instead of dying and dumping them out with an error, why not just automatically redirect them to the https url? |
questioner Aug 09, 2006 2:54 PM EDT |
i would rather have the users type the s in themselves, but for the moment a redirect would be okay if you can explain it. Eventually though i would want them to type in the s if they go to HTTP. |
dinotrac Aug 09, 2006 3:14 PM EDT |
> Eventually though i would want them to type in the s if they go to HTTP. Really? Why is that -- do you intend to keep two different versions of the site, one secured and one not? If not, the automatic redirect seems much more user-friendly. Don't know about other mechanisms, but: redirect 301 /oldurl http://newurl or maybe with mod_rewrite: rewriteEngine on rewriteRule url https://url [R=permanent,L] or something along those lines. |
questioner Aug 09, 2006 3:22 PM EDT |
Well, it not really my idea. I feel that redirecting would be more user-friendly, but the idea is that we dont want the server to accept insecure connections (http) at all. |
dinotrac Aug 09, 2006 3:47 PM EDT |
Hmmm. In effect, that's what a rewrite rule would do. It would disable the http:// url altogether, making it impossible to use, forcing any visitor to your site to do so via https://. |
questioner Aug 09, 2006 3:57 PM EDT |
meh i might aswell do that for now, care to explain how i would do it?
Would it be something like .htaccess or httpd.conf or something? sorry for the slow reply, im fixing another computer( windows system that restarts before going into windows -.-'') while doing this so im sort of side tracked. |
dinotrac Aug 09, 2006 5:19 PM EDT |
You would set it up in the apache configuration files -- being sure that you've got mod_rewrite loaded and appropriate rewrite rules in place. There are a number of tutorials out on the web, like this one: http://www.higherpass.com/apache/Tutorials/Learning-To-Use-M... You don't actually need to know much, because you don't even want to set a rewrite condition. You want EVERYTHING to be redirected. |
You cannot post until you login.