Differences
This shows you the differences between two versions of the page.
| — |
litespeed_wiki:config:https-redirect [2015/07/30 18:16] (current) Michael Alegre created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ===== Use rewrite rule to redirect http to https connection ===== | ||
| + | For first entry server accepting connection from unsafe WAN: | ||
| + | |||
| + | rewriteCond %{HTTPS} !on | ||
| + | rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] | ||
| + | |||
| + | If used on another server behind internal load balancers, ssl off-loaders: | ||
| + | |||
| + | rewriteCond %{HTTPS} !on | ||
| + | rewriteCond %{HTTP:X-Forwarded-Proto} !https | ||
| + | rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] | ||
| + | |||
| + | The difference in the two rules are the check for X-Forwarded-Proto header which can be spoofed and thus not a good check to use at the first point of contact from WAN. | ||