SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Mar 2009
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    https "s" security

    Our website has SSL enabled. However, when I take out the "s" in the https url, the url doesn't rebuilt itself with the "s" posing a security issue. What can I do to make the "s" pop back in there? Try it -> https://thehistoryshop.com/authentic...my-account.php Take out the "s" and see what happens. Thanks!

  2. #2
    SitePoint Evangelist speda1's Avatar
    Join Date
    Jan 2002
    Posts
    550
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you running Apache? You should be able to setup the redirect either in httpd.conf or in your vhost.

  3. #3
    SitePoint Member
    Join Date
    Mar 2009
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is this a task for my hosting company?

  4. #4
    SitePoint Evangelist speda1's Avatar
    Join Date
    Jan 2002
    Posts
    550
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Did they install the cert? If so, then yeah, I'd kick it back to them.

  5. #5
    SitePoint Enthusiast Ryo-ohki's Avatar
    Join Date
    Jul 2006
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this isn't really a matter for the hosting company. you obviously have the certificate set up and your website configured to use it. the thing is that someone putting in https just makes the server utilize the encryption. if they typed in http they would get the insecure version of the site because the user isn't telling the server to process the information securely. you should edit your .htaccess file to make sure users are redirected to the secure version of your website if they type http instead of https. google is your friend (well not really but i'm sure good resources will come up if you do a search about it)

  6. #6
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,629
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Taking the protocol declaration out is pretty counterproductive. Why are you intent on removing it?

  7. #7
    SitePoint Enthusiast Ryo-ohki's Avatar
    Join Date
    Jul 2006
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Taking the protocol declaration out is pretty counterproductive. Why are you intent on removing it?
    The OP doesn't want to take it out. He was just wanting us to do it to see what he was talking about as far as from the viewpoint of his users. He doesn't want that sort of situation to even happen and writing redirection rules in the .htaccess file would take care of it


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •