Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Bret Peavy Posted April 11, 2015 Posted April 11, 2015 You can find more about this hereThe basics of what I'm attempting to do is in the title, to force a https connection much like how Google does theirs. It's not completely necessary for my webpage but I would like to keep people on my website on it to prevent security issues.I can make it so they connect to the webpage on https but I can't keep them from changing it to http
ossipetz Posted April 14, 2015 Posted April 14, 2015 you can use mod_rewrite to to redirect any http request to the https protocol: http://httpd.apache.org/docs/current/mod/mod_rewrite.htmlRewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
jme Posted August 20, 2015 Posted August 20, 2015 I would personally do 2 things.<VirtualHost *:80> ServerName forum.domain.com ServerAdmin admin@domain.com Redirect / https://forum.domain.com/</VirtualHost><VirtualHost *:443> ServerAdmin admin@domain.com ServerName forum.domain.com DocumentRoot /home/forum/www/htdocs DirectoryIndex index.php index.html index.htm Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff Header always set Strict-Transport-Security "max-age=15768000" Header always append Strict-Transport-Security includeSubDomains header set X-Clacks-Overhead "GNU Terry Pratchett" SSLEngine On SSLCompression Off SSLInsecureRenegotiation Off SSLHonorCipherOrder On SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:HIGH:!CBC:!RC4:!MD5:!aNULL:!EDH:!DES:!PSK SSLCertificateFile /etc/apache2/ssl-keys/forum.domain.com.crt SSLCertificateKeyFile /etc/apache2/ssl-keys/forum.domain.com.key SSLCertificateChainFile /etc/apache2/ssl-keys/ChainFile.crt SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors offThen the rest.
ipbfuck Posted October 2, 2015 Posted October 2, 2015 i've this to use only ssl without www: Quote # fix no-www + no-ssl RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\.laltroweb\.it$ RewriteRule ^(.*)$ "https\:\/\/laltroweb\.it\/$1" [R=301,L] demo: http://www.laltroweb.it/favicon.ico
Recommended Posts
Archived
This topic is now archived and is closed to further replies.