Keep your Websites Secure by Forcing HTTPS Connections
Novell Cool Solutions: Tip
Digg This -
Posted: 29 Jul 2004
Want to prevent your web sites from being accessed without encryption? You should if your users transmit or receive private information, such as user name, password, or other sensitive data, remotely. The HTTP protocol sends that data in plain text, which could be sniffed by someone else within few seconds.
Here's how you set it up.
NOTE: Your Apache web server must already be configured for HTTPS connections.
Append the following lines to the Apache configuration file /etc/httpd/httpd.conf:
<VirtualHost _default_> Redirect permanent / https://NAME.OF.WEBSERVER/ ServerName NAME.OF.WEBSERVER ServerAdmin firstname.lastname@example.org </VirtualHost>
Modify the entries to your needs. After the Apache configuration is reloaded, all plain HTTP requests are redirected to encrypted HTTPS. This makes it much more difficult to sniff sensitive data.
Applies to: SUSE Linux, SUSE Linux Enterprise Server, SUSE Linux Openexchange Server, SUSE Linux Office Server, SUSE Linux Groupware Server, SUSE Linux School Server, SUSE Linux Standard Server
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com