summaryrefslogtreecommitdiff
path: root/web/cgi/session/.htaccess
diff options
context:
space:
mode:
Diffstat (limited to 'web/cgi/session/.htaccess')
-rw-r--r--web/cgi/session/.htaccess28
1 files changed, 28 insertions, 0 deletions
diff --git a/web/cgi/session/.htaccess b/web/cgi/session/.htaccess
new file mode 100644
index 00000000..a4f615c2
--- /dev/null
+++ b/web/cgi/session/.htaccess
@@ -0,0 +1,28 @@
+
+DirectoryIndex greeting.tcl
+
+#
+# mod_rewrite rules to coerce secure (https) access to underlying pages
+#
+
+RewriteEngine on
+
+#
+# If the server's connecting port isn't secure (https), then
+# redirect request to same location but such that the communication
+# is secure. NOTE: this isn't as secure as turning off the unsecure
+# port because any confidential information in the request is exposed
+# in the unsuspecting request on the unsecure port. Shouldn't really
+# be a problem since the secure content should only contain secure
+# references and the likelihood that a client mucks with the url into
+# a reference to secure content is pretty darn small.
+#
+
+RewriteCond %{SERVER_PORT} !=443
+
+#
+# Include SCRIPT_URL incase webpine package isn't in the
+# root of the server's data
+#
+RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=permanent,L]
+