Author | Topic: SSL | |
---|---|---|
Allen Lee | SSL on Mon, 20 Sep 2004 22:06:11 -0700 Hi Everyone; Our website employs: action="https://oursite.com/cgi-bin/waa1gate.exe" in the form tag of one page to invoke SSL when personal data is passed from the client to the server. All other pages use: action="/cgi-bin/waa1gate.exe" Our clients want to see the "security lock" icon on all pages even though NO personal data is being passed. They want the entire site secure not just the page where it is functional. Question: What changes need to be made to accomplish this? Do I need to add "https://oursite.com" before all "/cgi-bin/waa1gate.exe" ? Is there a better solution? Allen Lee | |
Phil Ide | Re: SSL on Tue, 21 Sep 2004 10:40:26 +0100 Allen, > Hi Everyone; > Our website employs: action="https://oursite.com/cgi-bin/waa1gate.exe" in > the form tag of one page to invoke SSL when personal data is passed from the > client to the server. > All other pages use: action="/cgi-bin/waa1gate.exe" > Our clients want to see the "security lock" icon on all pages even though > NO personal data is being passed. > They want the entire site secure not just the page where it is functional. > > Question: What changes need to be made to accomplish this? > Do I need to add "https://oursite.com" before all "/cgi-bin/waa1gate.exe" ? > Is there a better solution? One of my sites began life as an HTTP site, and later I migrated it to HTTPS. This is fairly trivial to do. I am using Apache, so I'll show you how to do it Apache style, but the principles should work across any web browser. My document root is: public_html\ I create a new directory in here called non_ssl: public_html\non_ssl\ In here I create an index.html (or default.html or whatever). <html> <head> <META HTTP-EQUIV="refresh" content="5;URL=https://www.shorttermcover.com/index.html"> <title>ShortTermCover.com</title> </head> <body> <center> <h1>www.shorttermcover.com</h1> The website you are trying to access is hosted on a secure server. Please update your browser's links to use this address: <p> <a href="https://www.shorttermcover.com"> https://www.shorttermcover.com</a> </p> </body> </html> This will attempt to redirect people to the HTTPS site (and gives them a link in case their browser doesn't support this feature). Next, you need to eit your VHost sections. In the VHOST for your HTTP site, just make the DocumentRoot = public_html\non_ssl I assume you have your SSL configuration already setup - basically this should map set DocumentRoot to public_html\ That my friend, is all there is to it Regards, Phil Ide *************************************** * Xbase++ FAQ, Libraries and Sources: * * goto: http://www.idep.org.uk/xbase * *************************************** "If the shoe fits, buy it." (Imelda Marcos) |