httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: [users@httpd] SSL the whole site
Date Fri, 23 Jan 2004 12:55:47 GMT


On Fri, 23 Jan 2004, Stuart Lamble wrote:

> What is the best method of securing the whole site with SSL?

Just get any book on apache (I personally like the O'Reilly one) and
follow the section on enabling SSL.

What you end up with is a web site which runes on port 443 and is 100%
ssl. Then I usually do something like:

<VirtualHost *:80>
	...
	RewriteEngine on
        RewriteRule     ^(.*)   https://%{HTTP_HOST}$1 [R=301]

To redirect people who forget the 's' of https to the https site. Note
that the above has some issues with cross-site scripting in some cases;
in which case you want to change %{HTTP_HOST}$1 into something like
www.myhost.com$1 or even www.myhost.com/index.html (or a page saying
use ssl).

Dw



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message