[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Redirect http to https
- Subject: RE: [cobalt-users] Redirect http to https
- From: "Steven Young" <steven.young@xxxxxxxxxxxxxxx>
- Date: Tue Jan 8 11:34:30 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> > > I have PHP installed which lets you easily force any page to be
> > > accessed via
> > > SLL. Just add the following PHP to the top of each page you want to be
> > > accessed only via SSL.
> >
> > Thanks Steve, I do have php installed as well and use it a lot, I'm just
> not
> > sure I want to give it to each customer who needs this as I charge extra
> for
> > php in our hosting package. The other method seemed so simple with
> > .htaccess just a shame it didn't work when I tried but maybe someone out
> > there can figure out why.
>
>
> why can't you just have a simple redirect?
>
> http://www.yoursite.com/index.html
>
> which contains
>
> <meta http-equiv="refresh" content="0; url=https://secure.yoursite.com";>
>
> too easy?
>
If a user goes directly to the page securely (e.g.
https://www.yoursite.com/index.html) it will still refresh although it is
already over SSL. Not really a problem but maybe slightly annoying....
Also, because the redirect would be performed on the client side, can you
always guarantee the page will be refreshed / redirected? Do any browsers
allow the user to disable this refresh feature? If security is a must then
would be you happy with this???
If you don't want to use PHP can you not use the .htaccess suggestion
earlier but put .htaccess in a subdirectory containing the files you want to
be accessed only via SSL?
~
Steven