[eluser]Angel Lay[/eluser]
I got this message from trustwave.
Remediation: All web application communications containing sensitive information should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP to HTTPS is utilized in an attempt to remediate this finding, please ensure that such re-direction occurs on the server side of the system (for example via the use of the HTTP "Location" header element) and that re-direction is not reliant upon the client (browser) side
Then I use the following code in .htaccess
Code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
but I cann't go through.
Any one know this one ?
Thanks
