Posted by & filed under Security.

So you have been using SSL on your Apache website for some time now; to get here you had to do a few things:

  1. You scrubbed your site content to ensure all URLs are using their relative form, e.g. “src=’//images\image.png” or explicitly reference the use of HTTPs.
  2. You have tested for certificate and SSL related problems like mixed content, appropriately tagging cookies as secure.
  3. You have ensured that you follow the best practices guidance for SSL server configuration and verified you get an A on  SSLLabs.

Are you done? Not yet there are a few things left for you to do, the most obvious being redirecting all traffic to the SSL version of your site!

This is easy enough to accomplish but before you do so you should probably monitor your CPU usage during your peak so to ensure you have some headroom. This isn’t likely to be a problem as most web-servers are not CPU bound but it’s always good to check.

Once you know you are OK then it’s just a matter of turning it on which requires:

1. Re-writing HTTP URLs from HTTP to HTTPS via .htaccess  by adding the following lines (or their equivalents):

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

2. Restarting Apache

Now just go to your website over HTTP and you will see you are redirected to the HTTPS instance of the site.

Ryan

 

Additional Resources

RewriteRule Flags

Mod_Rewrite

 

 

Leave a Reply

  • (will not be published)