RE: http-https [EXT]

[James Smith <js5@xxxxxxxxxxxx>]

Add also remember to add the HSTS headers

 

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

 

{only put includeSubDomains & preload if you can} this stops the client sending further HTTP requests but only HTTPS {most web servers}

This can stop the plain text password issue…

 

 

From: Jim Albert <jim@xxxxxxxxxxxxx>
Sent: 11 August 2020 15:07
To: users@xxxxxxxxxxxxxxxx
Subject: Re: http-https [EXT]

 

On 8/11/2020 3:00 AM, MEjaz wrote:

Hello,.

 

I have requirement to redirect the url. Whoever typed my site http://newtraffic.cyberia.net.sa [newtraffic.cyberia.net.sa] , it should redirect to https://newtraffic.cyberia.net.sa [newtraffic.cyberia.net.sa]

 

I am bit struggling to achieve this. please assit

 

Ejaz

 

As long as the request is staying on the same server, mod_rewrite is a good use for this and I believe avoids another request as in a redirect.
The following 3 lines would go in your httpd.conf file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) MailScanner has detected a possible fraud attempt from "%" claiming to be https://% [%]{SERVER_NAME}$1 [L,R=302]

https://httpd.apache.org/docs/current/mod/mod_rewrite.html [httpd.apache.org]

This assumes you want all http traffic handled via https and not just the root of your site.

Change the 302 (temporary) to 301 (permanent) once you know things are working as you like.

Jim

-- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.