0

i have a webserver and I have enabled the apache2 ssl/tls. so I can access my website with "https://IPADDR".

but i can also access with just "http://IPADDR".

is it possible to block non-ssl/tls using html connection requests from the server side? (something like more configuration with apache2)

kwagjj
  • 111
  • 1

1 Answers1

5

Are you sure you want to refuse connections, and not just redirect?

You can implement a more user friendly experience by having your http:// connections redirect to https://

Example:

<VirtualHost *:80>
    ServerName www.yoursite.com
    ServerAlias yoursite.com

    Redirect permanent / https://www.yoursite.com/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    ...
</VirtualHost>

If someone goes to http://IPADDR/foo/bar?whatever they will be seamlessly redirected to https://IPADDR/foo/bar?whatever.

gregmac
  • 1,579
  • 4
  • 18
  • 27