Novell Home

Keep your Websites Secure by Forcing HTTPS Connections

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 29 Jul 2004
 

Want to prevent your web sites from being accessed without encryption? You should if your users transmit or receive private information, such as user name, password, or other sensitive data, remotely. The HTTP protocol sends that data in plain text, which could be sniffed by someone else within few seconds.

Here's how you set it up.

NOTE: Your Apache web server must already be configured for HTTPS connections.

Append the following lines to the Apache configuration file /etc/httpd/httpd.conf:

<VirtualHost _default_>
Redirect permanent / https://NAME.OF.WEBSERVER/
ServerName NAME.OF.WEBSERVER
ServerAdmin mailadmin@example.com
</VirtualHost>

Modify the entries to your needs. After the Apache configuration is reloaded, all plain HTTP requests are redirected to encrypted HTTPS. This makes it much more difficult to sniff sensitive data.

Applies to: SUSE Linux, SUSE Linux Enterprise Server, SUSE Linux Openexchange Server, SUSE Linux Office Server, SUSE Linux Groupware Server, SUSE Linux School Server, SUSE Linux Standard Server


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell