Jump to content

Forcing https:// with an Apache 2.2.26


Recommended Posts

You can find more about this here

The basics of what I'm attempting to do is in the title, to force a https connection much like how Google does theirs. It's not completely necessary for my webpage but I would like to keep people on my website on it to prevent security issues.

I can make it so they connect to the webpage on https but I can't keep them from changing it to http

Link to comment
Share on other sites

  • 4 months later...

I would personally do 2 things.

<VirtualHost *:80>

        ServerName      forum.domain.com

        ServerAdmin     admin@domain.com

        Redirect / https://forum.domain.com/

</VirtualHost>

<VirtualHost *:443>

 

        ServerAdmin     admin@domain.com

        ServerName      forum.domain.com

        DocumentRoot    /home/forum/www/htdocs

        DirectoryIndex  index.php index.html index.htm

 

 

        Header always set X-Frame-Options DENY

        Header always set X-Content-Type-Options nosniff

        Header always set Strict-Transport-Security "max-age=15768000"

        Header always append Strict-Transport-Security includeSubDomains

        header set X-Clacks-Overhead "GNU Terry Pratchett"

 

        SSLEngine                       On

        SSLCompression                  Off

        SSLInsecureRenegotiation        Off

        SSLHonorCipherOrder             On

        SSLProtocol                     -ALL +TLSv1 +TLSv1.1 +TLSv1.2

        SSLCipherSuite                  ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:HIGH:!CBC:!RC4:!MD5:!aNULL:!EDH:!DES:!PSK

        SSLCertificateFile /etc/apache2/ssl-keys/forum.domain.com.crt

        SSLCertificateKeyFile /etc/apache2/ssl-keys/forum.domain.com.key

        SSLCertificateChainFile /etc/apache2/ssl-keys/ChainFile.crt

 

        SSLUseStapling          on

        SSLStaplingResponderTimeout 5

        SSLStaplingReturnResponderErrors off

Then the rest.

Link to comment
Share on other sites

  • 1 month later...

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...