How to force https on web page

We had a question related to regarding secure connection answered in EE that made us place this question.   The EE said we can "...force https on web page through the serverside scripting or htacccess/webconfig...".

Please explain and if so, demonstrate.
rayluvsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
On a single page or the whole site?

For a single page:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} yourpage.php
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Open in new window


For the whole site:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rayluvsAuthor Commented:
Just to see if we understand, in order for force https, this has to be done at the server we want https?
0
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
If you are running IIS you will need to install Rewrite module and then you an configure the rules.

See the following link on Rules configuration.

http://www.jppinto.com/2010/03/automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0/

regards
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

GaryCommented:
Yes it has to be done at the server, but you could also make sure your links do actually point to https.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
GaryC123 has a good answer. If you want to do this in php for  just one form page as an example  example http://www.experts-exchange.com/Web_Development/Blogs/WordPress/Q_27671188.html#a37833811
0
rayluvsAuthor Commented:
We we're looking more to the possibility to secure the link to the any website without coding.  But reading al these entries, if we want a secure connection from our pc to the desired website, the said website HAS TO BE setup internally for https.  We cannot secure the connection without it.

Are we correct?
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
When I originally made the statement about using htaccess/webconfig, I was assuming you were asking about your own website.   None of that will work if you are just surfing sites you do not control.  

You can go to just about any site regardless if there is a certificate or not, and simply try adding the 's' in http to https.  If the site has ssl turned on and they do not have a certificate, the connection is still secure but your browser will throw an error about being untrusted.  If the site already  has a certificate all will be good.  However, if the server has ssl turned off, you will not be able to connect using https.
0
GaryCommented:
What padas has said
Curious...but what do you think trying to force all traffic through https is going to accomplish?
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Between this current question and your previous one at http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_28229376.html.  It appears you are trying to get a specific answer to something but not really giving us any specifics and that is causing some confusion.  

I think to help you in more detail, you should let us know exactly what you are trying to achieve.
0
rayluvsAuthor Commented:
There is no specifics as to what we want to accomplish.  Basically is just acquiring knowledge.  With both question we pretty much clear.  Nevertheless, you advice on "...imply try adding the 's' in http to https..." is good if we want to see if security is available.

Thanx All!
0
rayluvsAuthor Commented:
Thanx all.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.