Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted April 11, 201510 yr You can find more about this hereThe basics of what I'm attempting to do is in the title, to force a https connection much like how Google does theirs. It's not completely necessary for my webpage but I would like to keep people on my website on it to prevent security issues.I can make it so they connect to the webpage on https but I can't keep them from changing it to http
April 14, 201510 yr you can use mod_rewrite to to redirect any http request to the https protocol: http://httpd.apache.org/docs/current/mod/mod_rewrite.htmlRewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
August 20, 20159 yr I would personally do 2 things.<VirtualHost *:80> ServerName forum.domain.com ServerAdmin admin@domain.com Redirect / https://forum.domain.com/</VirtualHost><VirtualHost *:443> ServerAdmin admin@domain.com ServerName forum.domain.com DocumentRoot /home/forum/www/htdocs DirectoryIndex index.php index.html index.htm Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff Header always set Strict-Transport-Security "max-age=15768000" Header always append Strict-Transport-Security includeSubDomains header set X-Clacks-Overhead "GNU Terry Pratchett" SSLEngine On SSLCompression Off SSLInsecureRenegotiation Off SSLHonorCipherOrder On SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:HIGH:!CBC:!RC4:!MD5:!aNULL:!EDH:!DES:!PSK SSLCertificateFile /etc/apache2/ssl-keys/forum.domain.com.crt SSLCertificateKeyFile /etc/apache2/ssl-keys/forum.domain.com.key SSLCertificateChainFile /etc/apache2/ssl-keys/ChainFile.crt SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors offThen the rest.
October 2, 20159 yr i've this to use only ssl without www: Quote # fix no-www + no-ssl RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\.laltroweb\.it$ RewriteRule ^(.*)$ "https\:\/\/laltroweb\.it\/$1" [R=301,L] demo: http://www.laltroweb.it/favicon.ico
Archived
This topic is now archived and is closed to further replies.