Topic: http:// vs https://

[jhale1966]

We need to run a secure website on our server. The only problem is that you can get to it either by using http://www.website.com OR https://www.website.com.

What do we need to do so that it is ONLY accessible using https? Is there a way to setup a redirect if a user only used http?

Thanks!

[mmccarn]

I do this by creating Primary/html/index.html like this:

Code: [Select]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
    <head>
        <title>This is the Title</title>
        <meta http-equiv="REFRESH"
        content="0;url=https://www.website.com/home.html"></HEAD>
        <BODY>
        Website.com Redirect
        </BODY>
        </HTML>[/size]

Then use "home.html" (or some other file, or another ibay entirely) to contain the actual homepage.

By the way - the only part of this that matters is the <meta http-euiv...> stuff. content="0;url=blahblahblah"> causes a redirect to the indicated URL after zero seconds.  If you replace the zero with a 5 then you get a page that redirects after 5 seconds - presumably so folks have time to read your message saying you've moved your site...

You can also do this with template fragments that reconfigure Apache to redirect http:/www.website.com to https://www.website.com, but I don't know how to do this!

[mrjhb3]

You can also do this with template fragments that reconfigure Apache to redirect http:/www.website.com to https://www.website.com, but I don't know how to do this!

Have a look at /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases for a sample RewriteRule.

JB

[icpix]

If you use a packet-sniffing router you could redirect port 80 to 443.

[icpix]

Ray's HOWTO...
http://mirror.contribs.org/smeserver/contribs//rmitchell/smeserver/howto/https%20ibay%20forced%20redirection%20HOWTO%20for%20sme%20server.htm
...admittedly it's for SME6 so YMMV with SME7.