+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Re-direction from HTTP to HTTPS (/showthread.php?tid=51717)
Re-direction from HTTP to HTTPS - El Forum - 05-14-2012
[eluser]Angel Lay[/eluser]
I got this message from trustwave.
Remediation: All web application communications containing sensitive information should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP to HTTPS is utilized in an attempt to remediate this finding, please ensure that such re-direction occurs on the server side of the system (for example via the use of the HTTP "Location" header element) and that re-direction is not reliant upon the client (browser) side
Then I use the following code in .htaccess
Code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=offbut I cann't go through.
Any one know this one ?
Thanks
Re-direction from HTTP to HTTPS - El Forum - 05-14-2012
[eluser]weboap[/eluser]
you are redirecting based on HTTPS, can you try based on server port
Code:
RewriteCond %{SERVER_PORT} !^443$