[Techtalk] implementing HTTPS-only sitewide

chris chris.madrone at gmail.com
Thu Sep 6 00:47:18 UTC 2012


To redirect the entire site, you could use a redirect 

Redirect permanent / https://subdomain.domain.com/

However, SSL can be slow so I wouldn't run an entire site over SSL unless it was necessary or had low traffic.

On my server, I create the following rules  for redirecting admin areas to https 
(the paths and file structure are Ubuntu-based so YMMV since the default Apache layout is different from other distros)

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.

    Listen 443
    NameVirtualHost *:443
    SSLStrictSNIVHostCheck on

In my VirtualHost configuration, I've got the following

<VirtualHost *:443>
DocumentRoot /var/www/domain/dev
ServerName dev.domain.net
SSLEngine on
SSLCertificateFile /etc/ssl/crt/domain.crt
SSLCertificateKeyFile /etc/ssl/crt/domain.key

<IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteRule !^/admin/(.*) - [C]
                RewriteRule ^/(.*) http://www.mysite.com/$1 [QSA,L]

hope that helps

More information about the Techtalk mailing list