Forums

Give help. Get help.

  • # February 29, 2016 at 4:31 pm

    Hi friends,

    I use the following to redirect to HTTPS (I use GoDaddy’s ssl service, this is what they add by default):

    <IfModule mod_rewrite.c>
      Options +FollowSymLinks
      RewriteEngine On
      RewriteCond %{HTTPS} !=on
      RewriteCond %{HTTP_USER_AGENT} ^(.+)$
      RewriteCond %{SERVER_NAME} ^domain\.com$
      RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
      Header add Strict-Transport-Security "max-age=300"
    </IfModule>
    

    I also use a content security policy header. The CSP references ‘self’, but I’m having issues when new users navigate directly to domain.com (instead of https://domain.com). It seems like the CSP is evaluated before the redirect, and then everything refuses to load since ‘self’ refers to http://domain instead of https://domain. To ‘fix’ this I added the https:// variant of the domain to the CSP. That feels like the wrong way to go about doing things, is there something obvious I’ve missed?

    # March 10, 2016 at 1:45 am

    @alexzaworski,

    You can try this code, It should be helpful.

    <IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{HTTP_USER_AGENT} ^(.+)$
    RewriteCond %{SERVER_NAME} ^domain.com$
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    Header add Strict-Transport-Security “max-age=300”
    </IfModule>

    Thanks
    Anoop Gupta
    https://www.zeemo.com.au/

    # December 19, 2017 at 2:52 am

    Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site:

    Thanks and Regards
    Ellie Joshi
    http://webchromite.com/

    # December 19, 2017 at 2:54 am
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

icon-anchoricon-closeicon-emailicon-linkicon-logo-staricon-menuicon-nav-guideicon-searchicon-staricon-tag