https://issues.apache.org/bugzilla/show_bug.cgi?id=45801
--- Comment #4 from Liam Morland <[email protected]> 2009-06-05 10:53:22 PST --- The desire to redirect from http to https is a common one. Getting it right is important for security. One can use mod_rewrite to do this, but not if SSLRequireSSL is specified. One of the reasons for SSLRequireSSL is "for defending against configuration errors that expose stuff that should be protected". It's handy to have a simple, one-line configuration which provides that security. My suggestion: create an optional parameter so that one could put in a config file "SSLRequireSSL Redirect". This would issue a redirect to non-SSL connections before any other access controls or authentication would be tested. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
