
[EP-tech] SSL (HTTPS) only for an EPrints repository



On 25 Aug. 2017 18:51, "John Salter" <J.Salter at leeds.ac.uk> wrote:

Hi Tomasz,

In the non-secure virtual host, the following line will redirect all
traffic.

This will redirect clients that don't honour the HSTS headers, as well as
pointing clients in the right direction in the first place.

Whilst testing, you might want to leave out the 'permanent' part.



<VirtualHost *:80>

...

   Redirect permanent / https://your.repo/

</VirtualHost>



Matthew,

I'm guessing you have something similar somewhere in your :80 vhost?

If not, and the HSTS headers are only sent for the :443 vhost, how does the
initial redirect work?



Cheers,

John


I've intentionally allowed existing http requests to continue the old
fashioned way, mostly because I don't trust that all the robots that
interact with the site would be able to cope with a redirect.

For first-time human traffic we mostly rely on good links -- Google prefers
to serve up https links, and most (all?) of the links in the site itself
ought to be to https urls. Actually, I believe that the stylesheet and
image srcs are also https. So while you might be able to fetch a http page
once, it'd be very hard to do so a second time if your browser honours
HSTS.

Cheers
-- 
Matthew Kerwin
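
The two setups discussed in this thread (redirecting everything on :80, or leaving :80 serving content and relying on HSTS from :443) can be told apart from the responses alone. The following is an added example, not part of the original thread or of EPrints: the function names, the sample responses and the max-age value are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name:
            flags.add(name)
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": "includesubdomains" in flags}

def audit(host, http_resp, https_resp):
    """Each response is (status, headers dict with lower-case names)."""
    findings = []
    status, headers = http_resp
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308):
        findings.append("port 80 serves content instead of redirecting")
    elif target.scheme != "https" or target.hostname != host:
        findings.append("port 80 redirect does not point at https://" + host)
    elif status not in (301, 308):
        findings.append("port 80 redirect is temporary (fine while testing)")
    if "strict-transport-security" in headers:
        findings.append("HSTS header sent over plain HTTP is ignored by browsers")
    policy = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if policy is None:
        findings.append("port 443 sends no valid HSTS header")
    elif policy["max_age"] == 0:
        findings.append("HSTS max-age=0 tells browsers to forget the policy")
    return findings

# Constructed sample responses, not captured from any real repository.
HSTS_ONLY_ON_443 = (200, {"strict-transport-security": "max-age=31536000"})
REDIRECT_ALL = ((301, {"location": "https://your.repo/"}), HSTS_ONLY_ON_443)
HTTP_STILL_SERVED = ((200, {}), HSTS_ONLY_ON_443)

if __name__ == "__main__":
    for name, (plain, tls) in (("redirect on :80", REDIRECT_ALL),
                               ("no redirect", HTTP_STILL_SERVED)):
        print(name, "->", audit("your.repo", plain, tls) or "ok")
```

In the second case a first visit over http never sees the HSTS policy, since that is only delivered once the client has made an https request.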