-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Felix,
On 2/25/20 11:10, Felix Schumacher wrote: > > Am 25.02.20 um 16:57 schrieb Christopher Schultz: >> Felix, >> >> On 2/25/20 10:53, Felix Schumacher wrote: >>> as more and more browsers are marking http as unsecure, we >>> should redirect all http requests to tomcat.apache.org to >>> https. >> >>> We can enable that by adding a rewrite rule to the .htaccess >>> file in the xdocs folder of our site repo. >> >>> For JMeter we used the following fragment: >> >>> RewriteEngine On >> >>> # Redirect http to https # From Cordova PMC Member raphinesse >>> # https://s.apache.org/An8s >> >>> # If we receive a forwarded http request from a proxy... >>> RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR] >> >>> # ...or just a plain old http request directly from the client >>> RewriteCond %{HTTP:X-Forwarded-Proto} ="" RewriteCond %{HTTPS} >>> !=on >> >>> # Redirect to https version RewriteRule ^ >>> https://%{HTTP_HOST}%{REQUEST_URI} [L] >> >> Query string? Or is that part of REQUEST_URI? > > If I read the documentation for REQUEST_URI right, that > QUERY_STRING is not part of it. > > Hm, another way to do this would probably be > > RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [L] > > Taken partly from > https://cwiki.apache.org/confluence/display/HTTPD/RewriteHTTPToHTTPS > > Do you think that would be better? Yes. I don't think we have any pages which actually require a query-string, but it's better to do it properly from the outset rather than patching it ad-hoc whenever certain things don't work. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5VhyMACgkQHPApP6U8 pFiSGw//VRNgOb8BgzKQ/tXdyhwL5K1Qgp1mhD+Pel99dcctI2ECRXZB862LExgw QBqDPHZjjUpY06rVznw6U1Sz4QEpmCwk/uNYwR7YplQih11GJRyNGDojxl8IWVoL 9PcIiJ5V/hl3PkTNl4/7RUttg1PIefVkLFLh00yiDJJMW0H5cnwc26HAgkO6s5dy 0mjNGShayTS8cpI1bkEqxiGMYKHoaK+XkBFWwSOCxCXbErpMxLZwfCislFyIPO6u oxIsOrnHXiWy69rHcyCtAl5YoxykNXKzEw9Ru23Ru8GeZVEM5crRwmLjfvVhXsbq lnIW8nsGgJE2UXscj8hDorvJNx+CJvgK3NjNeOoSMcE9vOfUpzjoQIJHSvxqqEkR dVXHYi4ixtb0eSzdgdxEYlo9MmVFT0BtsHs186pAwITSvwQ3TY9K75DymtO0WT9U YjXJ8NpcD8enG07TtzQ0laL9sW8YKhHLpxbhXPm2rUN9lZwNyN9L76GZIuCjB3IC McwAi4f/I32ijDN8dO4g8c5akoGmD3C1q4lhfqd/RU6eGKFsIJJvByN3AU/bToVg joSd1tYCD+rXxIahpsIKphxUSY6JJHEaOBooHWU1OyNkUg8qErhnV6sLH+yS1LlT 5jnpgxu+YPuXMMyreMyXhaX6ZY7he2jo2ntMGu7sFCEuTBPlJ4Y= =7Gng -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
