I am trying to redirect from an old domain to a new domain using a DNS redirect, but https protocol refuses to redirect to the new site. What is the best solution for this problem ?
Is the only way to handle this kind of redirect within the application code on the server?
Related
I have one website on IIS 8. The trick is that I have multiple domains connected to this website. I have certified one of them so far. Because of this, I can't just redirect all HTTP to HTTPS. This is my attempt at doing the redirect to HTTPS for a specific domain. It does not work. Its not common to not do all or nothing for the redirect so there isn't many resources for this online.
Thank you for the help! Example1
Example2
I want to host my API application in a separate server and route it through subdomain fo example api.example.com. My domain is hosted at HostGator. I have created a subdomain and redirect it to the API server by providing the IP address.
The application is written in Codeigniter for RestAPI. Whenever I call any API method by referring the subdomain it shows 404 error (api.example.com/myclass/myfunction), but if I access the same API using a direct link (192.0.2.1/myclass/myfunction) by providing the IP address of the server, it is returning correct result.
Please suggest any configuration change needed.
You can add A record on sub domain, if application is hosted on port 80.
You can simply add A RECORD as
192.0.2.1 api.example.com
You should have option to create DNS zone on hostgator.
I'm presently using htaccess to force redirection to https for my website but I'm finding that redirected traffic is taking >1.5 seconds longer to receive the first file from the server than direct to https traffic.
What is the fastest way to force https for the whole site?
I believe that .htaccess is the fastest way to force https.
This is because .htaccess is a configuration on the web server (Apache), which is the first system to receive the http request.
Browser => DNS => Load Balancer => Web Server => Application
You could also force https at the application level but it would mean you have to go thru the server first. Unless you are using a load balancer, the web server is the first point contact a browser has with your https rules.
Of course, the fastest way would be to make sure all the links you are sending are in https so that the user never goes thru a redirect (301).
I currently have a website that use to have an SSL so the web address started with https://
I moved the website to a new server and platform which doesn't have an SSL so the web address starts with http://
I have inbound links going to the https address that I am wanting to redirect to the new website http url. Is this possible without me having to reinstall a new SSL on the new server? Is so, what could a possible solution be?
I have searched and found some promising stuff, but nothing worked. The hosting account is running on Cpanel v11.38.2 and Apache v2.2.23. Thank you for any insight, it is greatly appreciated!
Regards
To accept an HTTPS connection even only to return a redirect, you must still accept HTTPS connections in the first place, which means you need HTTPS installed and turned-on, either with a real certificate or a self-signed one.
For details on how to achieve the actual redirection, perhaps this question can help you: How do you redirect HTTPS to HTTP?
Is there anything wrong with configuring a webserver to map SSL traffic (port 443) to the same document root as normal traffic (port 80)?
Using the same document root for both http and https means you need to implement the following:
On each page that needs to be secure, there needs to be some application code that redirects the user to the https version if they somehow got to the http version (or to rediect the user to the login page if they have no session).
The login page always needs to redirect to the https version.
For pages that are accessible via both http and https, you need to set a canonical URL to ensure it doesn't appear like you have duplicate content.
Is there a better way to configure encryption of user account pages? Is there a best practice to separate website into HTTP and HTTPS sections?
It's not necessarily wrong to do this, but as your points 1..3 show, it introduces complications. It seems to me that setting up a separate document root might be a lot simpler than working around the complications.
In Internet Information Server 7.X you can define a "secure path" which is require to access with HTTPS and you can redirect the user to a user-friendly error page.
Maybe this can be a good solution to mix the document root and keep parts of the application secured.
Redirecting http automatically to https allows for man-in-the-middle attacks and is therefore not recommended. A man-in-the-middle could manipulate your HTTP traffic to send you to a malicious HTTPS site that resembles your HTTPS content.