0

Webserver using is nginx Suppose i have a website http://www.test.com. and then there is https://test.com?market. Iam redirecting all https to 301 http for test.com Suppose i want to enable https strict transport security header for url .I can add it easily in nginx. But the problem is that test is also moving to https by browser (which is a 307 redirect) and from the server it is again redirecting to resulting in a infinite loop for test,

melvil james
  • 592
  • 7
  • 18
  • "Iam redirecting all https to 301 http for test.com" Why? And why would you want to use hsts in that case? – PeeHaa Aug 15 '15 at 19:31
  • that is for http:// test.com?market to https:// test.com?market. But i want http://test.com to be run in http and not https. so iam redirecting https ://test.com --> http ://test.com at nginx – melvil james Aug 15 '15 at 19:35
  • **Why** would you not want to run it under https? – PeeHaa Aug 15 '15 at 19:50
  • @PeeHaa Thanks for the fast response. Its only a static page, My basic question is that i dont want to do redirect for http:// test.com *using hsts 307 from browser to https) – melvil james Aug 15 '15 at 19:52

1 Answers1

1

HSTS apply for all the page of the domain without exception. So it's not possible. (307 is just an internal code of the browser to indicate the http->https redirect forced by HSTS)

Furthermore, it's important to use https even for static pages. (If you need more details just ask!)

Tom
  • 4,666
  • 2
  • 29
  • 48