Keep your Websites Secure by Forcing HTTPS Connections

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 29 Jul 2004

Want to prevent your web sites from being accessed without encryption? You should if your users transmit or receive private information, such as user name, password, or other sensitive data, remotely. The HTTP protocol sends that data in plain text, which could be sniffed by someone else within few seconds.

Here's how you set it up.

NOTE: Your Apache web server must already be configured for HTTPS connections.

Append the following lines to the Apache configuration file /etc/httpd/httpd.conf:

<VirtualHost _default_>
Redirect permanent / https://NAME.OF.WEBSERVER/
ServerAdmin mailadmin@example.com

Modify the entries to your needs. After the Apache configuration is reloaded, all plain HTTP requests are redirected to encrypted HTTPS. This makes it much more difficult to sniff sensitive data.

Applies to: SUSE Linux, SUSE Linux Enterprise Server, SUSE Linux Openexchange Server, SUSE Linux Office Server, SUSE Linux Groupware Server, SUSE Linux School Server, SUSE Linux Standard Server

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© Micro Focus