I'd like to redirect http to https so that users who don't specify
https are forced to use it, especially for login/password
transactions. Also it would be nice if the admin pages, which are
blocked in http, would redirect, rather than fail.
There were some postings about htaccess in the group, but none seem to
have ever solved the problem.
I do have control over the server, so I could put mod_rewrite commands
in the virtual host section of the config. Can anybody give me
pointers on exactly what to protect? Should I do something like this:
<Directory /opt/web_apps/web2py>
RewriteEngine On
RewriteCond %{SERVER_PORT} =80
RewriteRule (.*) https://hostname.example.com/$1 [L,R]
</Directory>
Or is something more complex required.
