forcing to use SSL
 

Greetings;

Im using SLES9 , apache2

I want to force my webserver to use https. When I browse https://domain.com...it works properly...and If I type http://domain.com..still it appears and this I dont want to happen..I want to force it to use https:confused:

Https listens at port 443 usually, and regular http listens at 80.

You have a few choices. To be drastic, you can configure apache to only listen to port 443. Then if somebody tries http://yourdomain.com, they would get host not found, or some such error. A more friendly solution would be to create a page at http that forces a redirect to https, but that wouldn't be absolute. People could still browse to pages other than the first page under http.

Peace,
JimBass

use 443
 

Now if I enable apache to use only 443....and if a user tries http://domain.com, he will not recieve errors but he will be redirected to https://....Is this possible.How? :scratch:

No, that isn't possible. If you don't listen at 80, how would you redirect from 80 to 443? Something would need to receive the request at port 80, and give a link on to 443. If that is what you want, then you have to have a page at port 80 that catches the http request and changes it to https. A simple 1 line page that is just a hyperlink to the https address would be fine, or you can get fancy and do one of those "you will be redirected in X seconds" jobs.

Peace,
JimBass

The firewall can probably do it. Query Google with some combination of the words "transparent proxy iptables redirect" and I'm sure there will be tons of hits. I can't remember the exact iptables command off the top of my head. It probably uses the PREROUTING or FORWARD chain.