summaryrefslogtreecommitdiff
path: root/web/cgi/session/_htaccess
blob: eb852fb76ea501e65e0238cabe77a94cde622414 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

DirectoryIndex greeting.tcl

#
# mod_rewrite rules to coerce secure (https) access to underlying pages
#

RewriteEngine on

#
# If the server's connecting port isn't secure (https), then
# redirect request to same location but such that the communication
# is secure.  NOTE: this isn't as secure as turning off the unsecure
# port because any confidential information in the request is exposed
# in the unsuspecting request on the unsecure port.  Shouldn't really
# be a problem since the secure content should only contain secure
# references and the likelihood that a client mucks with the url into
# a reference to secure content is pretty darn small.
#

RewriteCond %{SERVER_PORT} !=443

#
# Include SCRIPT_URL in case webpine package isn't in the
# root of the server's data
#
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=permanent,L]