Board index Linux Apache

Moderator: chandranjoy

Redirect http to https

Postby chandranjoy » Sun Mar 07, 2010 6:03 pm

Apache Redirection - http to https:

Apache: Redirect http to https Apache secure connection – force HTTPS
Connections
<http://www.cyberciti.biz/tips/category/apache/>

Let us say you have webmail sub-domain called http://mail.innovationframes.com and
you would like to redirect it to https secure connection i.e.
https://mail.innovationframes.com.

This will help you protect user privacy and sensitive information such as
username and password remotely.

So how do you configure your Apache web server so that you prevent your web
sites from being accessed without encryption?
Redirect http to https Apache Configuration

First make sure Apache is configured for HTTPS connection and necessary SSL
certificates are installed.
No non-ssl access i.e. only accept https connections

Now open httpd.conf or .htaccess file (mod_rewrite not required):
# vi httpd.conf

Append following line :

Any request made to http://mail.innovationframes.com will goto
https://mail.innovationframes.com/

Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart


This is easiest way to ensure that your normal user never use plain text
HTTP protocol to send data. Now this makes it much harder to sniff sensitive
data.
Force webmail login over SSL https session

So if you want force users to access their webmail through https, add
following configuration to .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Make sure you have something as follows in httpd.conf (mod_rewrite support):
LoadModule rewrite_module modules/mod_rewrite.so
chandranjoy
Site Admin
 
Posts: 283
Joined: Fri Oct 23, 2009 11:19 pm

Return to Apache

Who is online

Users browsing this forum: No registered users and 1 guest


cron