SDB:Forcing HTTPS Connections

Şuraya atla: kullan, ara


Concern

You want to prevent your web sites from being accessed without encryption. This should be the case if users transmit or receive private information, such as user name, password, or other sensitive data, remotely. The HTTP protocol sends that data in plain text, which could be sniffed by a second person within few seconds.

Condition

Your Apache web server must already be configured for HTTPS connections.

Solution

Append the following lines to the Apache configuration file /etc/httpd/httpd.conf: 

<VirtualHost _default_>
Redirect permanent / https://NAME.OF.WEBSERVER/
ServerName NAME.OF.WEBSERVER
ServerAdmin mailadmin@example.com
</VirtualHost>

Modify the entries to your needs. After the Apache configuration was reloaded, all plain HTTP requests are redirected to encrypted HTTPS. This makes it much more difficult to sniff sensitive data.

<keyword>https,force,apache,ssl,secure,http</keyword>

"https://tr.opensuse.org/index.php?title=SDB:Forcing_HTTPS_Connections&oldid=2942" adresinden alındı.