Forcing users to use HTTPS the simple and secure way

Very simple Apache configuration using mod_rewrite.

<VirtualHost 1.2.3.4:80 [2001:4800::2]:80>
DocumentRoot /home/someuser/websites/whatever.com/html
ServerName whatever.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

Do not forget to create the SSL entry as well:

<VirtualHost 1.2.3.4:443 [2001:4800::2]:443>
DocumentRoot /home/someuser/websites/whatever.com/html
ServerName whatever.com
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
SSLEngine on
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite "YOURPREFEREDSUITE"
SSLCompression off
SSLCertificateFile /home/someuser/ssl/whatever.com.crt
SSLCertificateKeyFile /home/someuser/ssl/whatever.com.key
SSLCertificateChainFile /home/someuser/ssl/gd_bundle.crt
</VirtualHost>

One thought on “Forcing users to use HTTPS the simple and secure way”

nerd nuggets

one morsel at a time

Forcing users to use HTTPS the simple and secure way

One thought on “Forcing users to use HTTPS the simple and secure way”

Leave a ReplyCancel reply