Page 1 of 1
newb https question
Posted: Tue May 27, 2014 7:31 am
by pkocsis
Using apache on Linux (and of course, livecode server
), what is the proper way to disallow http and force all to https? Is it simply utilizing the redirect functionality? .....or is there a more proper way in which to disallow requests via http?
TIA
Re: newb https question
Posted: Tue May 27, 2014 8:16 pm
by Pyrros
I would just use .htaccess rewrite to force the https.
Re: newb https question
Posted: Tue May 27, 2014 10:48 pm
by pkocsis
Thank you Pyrros,
If I could add one more question.....can this methodology be used to:
1) redirect all http requests to https EXCEPT...
2) if I have a directory in my documentroot called, say, "sslonly", can I make it so that any http requests to assets inside sslonly will NOT get rewritten and simply denied?
I ask because I do indeed want to globally force all http to https, but for some directories, I would like to simply deny http requests and require https be used from the gitgo....(I.E. for requests to assets inside sslonly, if they come in via http I don't want to rewrite and redirect to https....I want to deny them)
Thanks again Pyrros!
Paul
Re: newb https question
Posted: Wed May 28, 2014 8:52 pm
by Pyrros
Hi Paul
You should be able to do that.
I'm not an htaccess expert but I guessing something like this would work:
htaccess directory in the site root - specify which urls must redirect to ssl e.g:
RewriteCond %{HTTPS} != on
RewriteRule ^(system|dashboard) {http-domain}%{REQUEST_URI} [NC,R=301]
In the sslonly directory have another htaccess file to restrict access to only ssl:
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) {warning-page} [R]
I can't post urls so,
{http-domain} would be your domain's https url
{warning-page} would be page telling the user the request was denied
Hope this helps.
Simon