Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 276
  • Last Modified:

Have website always be https even if they type in http

My company recently got a CA certificate from verisign.  Now we want to secure our entire website.  I have apache 2.0.49, and https works perfectly

I want to know if there is a way, without going and changing every page/link, to just make everything goto the https:// instead of http://
0
revo1059
Asked:
revo1059
  • 7
  • 7
  • 2
  • +1
3 Solutions
 
ravenplCommented:
In Your webroot folder create .htaccess file with following content

RewriteEngine On
ReriteCond %{HTTPS} off
RewriteRule (.*) htps://%{SERVER_NAME}%{REQUEST_URI} [L,R]
0
 
ravenplCommented:
Sorry for typos - my wireless kb fails sometimes - have to replace
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Also note, that it will redirect user externally - user will notice it's redirected. Also if user types
http://web.com and the real server name is www.web.com, it will be redirected to www.web.com - which is SERVER_NAME in our example.

0
 
revo1059Author Commented:
i tried creating a .htacces and pasted the code you gave me exactly, and it didnt work.  Do i need to do anything else in apache to tell it to read that file?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
ravenplCommented:
> Do i need to do anything else in apache to tell it to read that file?
Usually no, mod_rewrite is usually there and allowed. But in fact You need to be allowed to override FileInfo
Refer http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriteengine http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
You can also try:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
0
 
ravenplCommented:
And the filename is .htaccess not .htacces - just to be sure.
0
 
revo1059Author Commented:
I know, that was a type-o

I am not very familiar with the httpd.conf file, could you be more specific about where i need to put that allow override
0
 
ravenplCommented:
Find section
<Directory />
add/change: AllowOverride FileInfo
and restart apache.
But I'm nost sure if that's the problem. Have You tried with the '!on' instead of 'off'
0
 
revo1059Author Commented:
i looked at my config file.  It looks like i need to change a file in /etc/apache2 called default-server.conf

theres a part that starts with </Directory where i found my server root.  I changed that AllowOverride from none to all.  When i did that, I could get to my webpage anymore.  It said internal server error
0
 
caterham_wwwCommented:
Just put a

Redirect 301 / https://example.com/

into your <virtualhost> for port 80.
0
 
revo1059Author Commented:
I don't know what file to put that in.  I have SLES 9 and apache2.  Can you tell me where that would be

I searched /etc/apache2/httpd.conf, /etc/http/httpd.conf and couldn't find anything like <virtualhost>
0
 
Robin HickmottSoftware DeveloperCommented:
Try placing it in the <directory> part for your document root.
0
 
ravenplCommented:
revo1059: You can use Redirect but only if DocumentRoot for Ssl and nonSsl virtualhosts differ.
In such case, just create .htaccess in nonSsl web path with the content rhickmott provided.
0
 
revo1059Author Commented:
when I tried the .htaccess, i got a error 500... internal server error
0
 
ravenplCommented:
You need to be allow to override FileInfo. Also rewrite requires the very same override.
Refer http://httpd.apache.org/docs/2.0/mod/mod_alias.html#redirect http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
You can verist the real error in apache's error log.
0
 
revo1059Author Commented:
I did a tail -f on the error_log for apache, and got this:

Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration
0
 
Robin HickmottSoftware DeveloperCommented:
Look for

LoadModule rewrite_module modules/mod_rewrite.so

and remove any # from the start of it
0
 
revo1059Author Commented:
I have just been told by my boss that he doesn't want https for the homepage.  I guess I will have to come up with another solution.  Thank you for all your advice.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 7
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now