Force SSL and Redirect Problems

  • devilwood
  • Silver Member
  • Posts: 436

Post 3+ Months Ago

We use a website I created for just internal purposes (a little data entry). The site is No followed, I have index.htmls in all the directories, all the site files are in subdirectories and the pages are session protected with a login page. I still wanted to be able to access the application wherever I was so I didn't completely lock it down. When I first installed the application I didn't worry about SSL because I've read fairly easy ways around it if the PCs are on a corporate network. Well, this week I decided to encrypt the site and figured I might as well make anyone wanting to sniff the traffic have to jump through a few hoops. Our server people got SSL installed and working but I can access the site through HTTP or HTTPS. I can also log in as HTTPS and then I can remove the S on any of the subsequent pages and go back to HTTP with the same browser session. The server people told me I need to set up a redirect for every page!!!! I told them this sounds crazy and they've got to provide me some other solutions but they didn't seem like they knew much more. I told them to work on it. I couldn't believe that another site with 2 or 3 times more content than our site would have to do the same thing. Any ideas that I can explore on how to keep them from being able to go to HTTP now that SSL is installed?

I guess I could just put the redirect on the index/portal to the site, but I don't like the fact that removing the S will just swap them back to HTTP.

  • Bigwebmaster
  • Site Admin
  • Posts: 9089
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

What sort of web server is this website hosted on?

If they are using Apache, it would be very easy to stop serving the website on Port 80 which is for http, and only serve it on Port 443 which would be the https version of your website. The regular http version of your website wouldn't even load anymore. It sounds like the way they have it set up right now they are serving your website on both port 80 and 443.

Also if it is on an Apache server, you could also easily write some htaccess rules (if your host allows you to use htaccess files) that would automatically redirect all pages that load http to load https. I actually do this on parts of Ozzu as I don't want certain pages being insecure such as login pages so that passwords entered are not in plain text across networks.

So there are a few ways around it for sure without having to edit every single file on your server. That way just sounds ridiculous!
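
The kind of .htaccess rule described in the reply above, as an added example that is not part of the original thread and not the host's actual configuration. It assumes Apache 2.4 with mod_rewrite and mod_headers enabled and .htaccess overrides allowed; `www.example.com` is a placeholder hostname.

```apache
# Added example. www.example.com is a placeholder for the site's real hostname.
# Assumes Apache 2.4 with mod_rewrite and mod_headers loaded.

RewriteEngine On

# Any request that arrived without TLS is redirected to the same path on HTTPS.
# This single rule covers every page, so no per-page redirects are needed.
# The hostname is hard-coded rather than taken from the request's Host header.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

# On HTTPS responses only, tell the browser to use HTTPS for this host for the
# next year (HSTS). After the first HTTPS visit, removing the "s" from a URL
# no longer produces a plain-HTTP request from that browser.
Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
```

A redirect alone does not stop the browser from sending the session cookie on the first plain-HTTP request, so the application's session cookie should also carry the `Secure` attribute. That is set in the application itself, which the thread does not describe.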
  • devilwood
  • Silver Member
  • Posts: 436

Post 3+ Months Ago

Thanks. Sorry I'm just now getting back. I've been swamped.

It's a dedicated server but we have the fully managed package. The server people took care of it with an htaccess rule. Cutting port 80 may have been alright but that would have broken everyone's shortcut.

The rep helping me obviously finally got to someone who knew that adding a redirect rule in cpanel for every page is impossible. I guess they didn't realize how ridiculous that sounded.

Thanks for the help. I just wanted to be sure I could call them out.
  • Bigwebmaster
  • Site Admin
  • Posts: 9089
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Yeah, sometimes you need that bit of information so you can call them out on things so that they can do it the right way!

Glad you were able to get things resolved :)


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.