ssl question
- Started
- Last post
- 7 Responses
- zackgilbert
I have a shared server at media temple for a client and it appears that the https site is useless, because the http and https sites mirror each other. What's the point when someone can just find the unsecure (http) version on the secure (https) server? does anyone else find it useless? am i just going to have to use a plesk account so i can have separate folders for each?
also, are there any good resources for getting a good grasp on ssl, https and certificates?
- QuincyArcher0
well, you need to force them to use https somehow...whether you chose to set that up in you code, or use the webserver to setup a redirect...etc...there are options out there.
- zackgilbert0
if you wouldn't mind, what's the best way, in php, to make sure someone isn't using something like snoopy to fake the referral and sending in external data to the unsecure site rather than using the secure site?
best suggestions for making sure a flash game, which sends variables to a php script which sends to a database, is secure? im looking into flashcom, but i want to get general ssl covered before i move on to that.
thanks in advance.
- QuincyArcher0
bare with me, i user asp, not php
well, what i usually do is test to see if their using https, and redirect them if they're not.
looks like you can use the php server variable SERVER_PROTOCOL to check how their connecting...
- zackgilbert0
thanks for the help! while server_protocol doesn't do the trick (both http and https return HTTP/1.1), i can figure it out because of the server name. so as long as the server name of the script isn't on the unsecure domain, then i can direct.
Thanks, Quincy.
- deplifer0
Make an .htaccess file,put it in the root folder where you
want to have the ssl connection# put this into .htaccess file
# start code
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{HTTP_HOST}/$0 [R,L]
#end codeworks fine for me redirects somebody trying to access your site trough http directly to
https and redirects with the correct quieries.
- QuincyArcher0
Thanks, Quincy.
zackgilbert
(May 10 05, 12:41)anytime.
- deplifer0
No problem.
If it doesn't work just say so.
Works just fine for me on an acccount on MT too.