newb https question

Are you using LiveCode to create server scripts or CGIs?

Moderators: Klaus, FourthWorld, heatherlaine, robinmiller, kevinmiller

Post Reply
pkocsis
Posts: 104
Joined: Sat Apr 15, 2006 7:20 am

newb https question

Post by pkocsis » Tue May 27, 2014 7:31 am

Using apache on Linux (and of course, livecode server :)), what is the proper way to disallow http and force all to https? Is it simply utilizing the redirect functionality? .....or is there a more proper way in which to disallow requests via http?

TIA

Pyrros
Posts: 9
Joined: Sun Apr 20, 2014 8:26 pm

Re: newb https question

Post by Pyrros » Tue May 27, 2014 8:16 pm

I would just use .htaccess rewrite to force the https.

pkocsis
Posts: 104
Joined: Sat Apr 15, 2006 7:20 am

Re: newb https question

Post by pkocsis » Tue May 27, 2014 10:48 pm

Thank you Pyrros,

If I could add one more question.....can this methodology be used to:

1) redirect all http requests to https EXCEPT...

2) if I have a directory in my documentroot called, say, "sslonly", can I make it so that any http requests to assets inside sslonly will NOT get rewritten and simply denied?

I ask because I do indeed want to globally force all http to https, but for some directories, I would like to simply deny http requests and require https be used from the gitgo....(I.E. for requests to assets inside sslonly, if they come in via http I don't want to rewrite and redirect to https....I want to deny them)

Thanks again Pyrros!

Paul

Pyrros
Posts: 9
Joined: Sun Apr 20, 2014 8:26 pm

Re: newb https question

Post by Pyrros » Wed May 28, 2014 8:52 pm

Hi Paul

You should be able to do that.

I'm not an htaccess expert but I guessing something like this would work:

htaccess directory in the site root - specify which urls must redirect to ssl e.g:

RewriteCond %{HTTPS} != on
RewriteRule ^(system|dashboard) {http-domain}%{REQUEST_URI} [NC,R=301]

In the sslonly directory have another htaccess file to restrict access to only ssl:

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) {warning-page} [R]

I can't post urls so,
{http-domain} would be your domain's https url
{warning-page} would be page telling the user the request was denied

Hope this helps.
Simon

Post Reply

Return to “CGIs and the Server”