Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt November 11, 2024
Bret Peavy Posted April 11, 2015 Posted April 11, 2015 You can find more about this hereThe basics of what I'm attempting to do is in the title, to force a https connection much like how Google does theirs. It's not completely necessary for my webpage but I would like to keep people on my website on it to prevent security issues.I can make it so they connect to the webpage on https but I can't keep them from changing it to http
ossipetz Posted April 14, 2015 Posted April 14, 2015 you can use mod_rewrite to to redirect any http request to the https protocol: http://httpd.apache.org/docs/current/mod/mod_rewrite.htmlRewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
jme Posted August 20, 2015 Posted August 20, 2015 I would personally do 2 things.<VirtualHost *:80> ServerName forum.domain.com ServerAdmin admin@domain.com Redirect / https://forum.domain.com/</VirtualHost><VirtualHost *:443> ServerAdmin admin@domain.com ServerName forum.domain.com DocumentRoot /home/forum/www/htdocs DirectoryIndex index.php index.html index.htm Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff Header always set Strict-Transport-Security "max-age=15768000" Header always append Strict-Transport-Security includeSubDomains header set X-Clacks-Overhead "GNU Terry Pratchett" SSLEngine On SSLCompression Off SSLInsecureRenegotiation Off SSLHonorCipherOrder On SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:HIGH:!CBC:!RC4:!MD5:!aNULL:!EDH:!DES:!PSK SSLCertificateFile /etc/apache2/ssl-keys/forum.domain.com.crt SSLCertificateKeyFile /etc/apache2/ssl-keys/forum.domain.com.key SSLCertificateChainFile /etc/apache2/ssl-keys/ChainFile.crt SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors offThen the rest.
ipbfuck Posted October 2, 2015 Posted October 2, 2015 i've this to use only ssl without www: Quote # fix no-www + no-ssl RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\.laltroweb\.it$ RewriteRule ^(.*)$ "https\:\/\/laltroweb\.it\/$1" [R=301,L] demo: http://www.laltroweb.it/favicon.ico
Recommended Posts
Archived
This topic is now archived and is closed to further replies.