Custom error page 403 (forbidden) if server only allow https

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
Spud2004
-


Joined: 12 Sep 2004
Posts: 29

PostPosted: Tue Sep 06, 2022 8:43 pm    Post subject: Custom error page 403 (forbidden) if server only allow https Reply with quote

Is it possible to display a custom error page to http users when only https is allowed?
Back to top View user's profile Send private message
Horizon
-


Joined: 18 Feb 2022
Posts: 54

PostPosted: Tue Sep 06, 2022 10:52 pm    Post subject: Reply with quote

Hello,
You can do this, but it would be useless.

Much better solution is to simply throw a redirect to HTTPS for any HTTP request.
Basically put the whole / in the 'Serve only over HTTPS' section.

What you want would throw error messages to almost all web browsers when the users type yourdomain.com.

By default, all websites are requested over HTTP first.
This is totally faulty, but this is the way it is.

And search engines might accidentally index your custom 403 pages.

If you still want to do the custom 403 page, you can use URLRewrite:
Check that the SSL_PROTOCOL CGI variable exists (or does not exist).

Forcefully redirecting to HTTPS is better than simply throwing error messages to HTTP users.

You can also use HSTS afterwards to tell web browsers to remember that your website requires HTTPS.

Is the 403 page idea what you truly wish to do?
Back to top View user's profile Send private message
Spud2004
-


Joined: 12 Sep 2004
Posts: 29

PostPosted: Fri Sep 09, 2022 11:11 am    Post subject: Reply with quote

Quote:

Basically put the whole / in the 'Serve only over HTTPS' section.


Where is the server only section to put a "/" (URL Rewriting?)
I am using an ACME certificate.

Should the protocol be https or https+http when routing http traffic to https?
I changed to use both.
Back to top View user's profile Send private message
Spud2004
-


Joined: 12 Sep 2004
Posts: 29

PostPosted: Fri Sep 09, 2022 11:50 am    Post subject: Reply with quote

You got me there, Horizon.

1. Protocol:HTTP + HTTPS
2. Configure, General, Advanced parameters, Exclusively serve on HTTP. Virtual path: /
Thank you very much
Quote:

Exclusively Serve On HTTPS: If a request's virtual path matches with one of the paths or the patterns declared in that table, and if the request was received on a non-secure (HTTP) connection, the server generates a redirection to the same virtual path but using HTTPS to force it to be served on a secure connection. The Exclusively Serve On HTTPS table is available only when the current host's Protocol is set to HTTP+HTTPS.
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group