View previous topic :: View next topic |
Author |
Message |
Spud2004 -
Joined: 12 Sep 2004 Posts: 29
|
Posted: Tue Sep 06, 2022 8:43 pm Post subject: Custom error page 403 (forbidden) if server only allow https |
|
|
Is it possible to display a custom error page to http users when only https is allowed? |
|
Back to top |
|
|
Horizon -
Joined: 18 Feb 2022 Posts: 54
|
Posted: Tue Sep 06, 2022 10:52 pm Post subject: |
|
|
Hello,
You can do this, but it would be useless.
Much better solution is to simply throw a redirect to HTTPS for any HTTP request.
Basically put the whole / in the 'Serve only over HTTPS' section.
What you want would throw error messages to almost all web browsers when the users type yourdomain.com.
By default, all websites are requested over HTTP first.
This is totally faulty, but this is the way it is.
And search engines might accidentally index your custom 403 pages.
If you still want to do the custom 403 page, you can use URLRewrite:
Check that the SSL_PROTOCOL CGI variable exists (or does not exist).
Forcefully redirecting to HTTPS is better than simply throwing error messages to HTTP users.
You can also use HSTS afterwards to tell web browsers to remember that your website requires HTTPS.
Is the 403 page idea what you truly wish to do? |
|
Back to top |
|
|
Spud2004 -
Joined: 12 Sep 2004 Posts: 29
|
Posted: Fri Sep 09, 2022 11:11 am Post subject: |
|
|
Quote: |
Basically put the whole / in the 'Serve only over HTTPS' section.
|
Where is the server only section to put a "/" (URL Rewriting?)
I am using an ACME certificate.
Should the protocol be https or https+http when routing http traffic to https?
I changed to use both. |
|
Back to top |
|
|
Spud2004 -
Joined: 12 Sep 2004 Posts: 29
|
Posted: Fri Sep 09, 2022 11:50 am Post subject: |
|
|
You got me there, Horizon.
1. Protocol:HTTP + HTTPS
2. Configure, General, Advanced parameters, Exclusively serve on HTTP. Virtual path: /
Thank you very much
Quote: |
Exclusively Serve On HTTPS: If a request's virtual path matches with one of the paths or the patterns declared in that table, and if the request was received on a non-secure (HTTP) connection, the server generates a redirection to the same virtual path but using HTTPS to force it to be served on a secure connection. The Exclusively Serve On HTTPS table is available only when the current host's Protocol is set to HTTP+HTTPS. |
|
|
Back to top |
|
|
|