Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

In the long journey of security, moving from HTTP to HTTPS is one of the many steps you will need to do. So, the first question is: why you just don't close port 80/tcp? Answer is more a SEO matter than a security one; if you close the port 80/tcp, when Google and any other indexing engine will try to contact you, it will time-out. This, at Google's eyes means an off-line server; an off-line server is a candidate to be taken out of the indexing.

Doing a proper redirection, for example from http://inside-out.xyz/path/script.php?parameters to https://inside-out.xyz/path/script.php?parameters is the correct way. Google will understand the HTTP error code 301 and it will reindex you with the correct URL.

Here it is my .htaccess file I use:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^127.0.0
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This will allow HTTP redirection for all queries but those who come to IP 127.0.0.x. You can play with the regular expresion to do exceptions.

Remember to modify Apache's configuration in the <Directory> tag to allow all to be overwritten.

Enjoy!

blog comments powered by Disqus

About

Read about IT, Migration, Business, Money, Marketing and other subjects.

Some subjects: FusionPBX, FreeSWITCH, Linux, Security, Canada, Cryptocurrency, Trading.