- This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
Viewing 4 posts - 1 through 4 (of 4 total)
- The forum ‘Back End’ is closed to new topics and replies.
The forums ran from 2008-2020 and are now closed and viewable here as an archive.
Hi friends,
I use the following to redirect to HTTPS (I use GoDaddy’s ssl service, this is what they add by default):
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^domain\.com$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security "max-age=300"
</IfModule>
I also use a content security policy header. The CSP references ‘self’, but I’m having issues when new users navigate directly to domain.com (instead of https://domain.com). It seems like the CSP is evaluated before the redirect, and then everything refuses to load since ‘self’ refers to http://domain instead of https://domain. To ‘fix’ this I added the https:// variant of the domain to the CSP. That feels like the wrong way to go about doing things, is there something obvious I’ve missed?
You can try this code, It should be helpful.
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^domain.com$
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security “max-age=300”
</IfModule>
Thanks
Anoop Gupta
https://www.zeemo.com.au/
Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site:
Thanks and Regards
Ellie Joshi
http://webchromite.com/