This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Customising the CMS /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

HTTPS Everywhere

1454 Views

KatB

Community Member, 105 Posts

5 September 2016 at 4:41pm

* Disclaimer

A couple of years ago, Google introduced the concept of HTTPS Everywhere (https://www.youtube.com/watch?v=cBhZ6S0PFCY&utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post).

Since Silverstripe is a CMS, it was potentially possible that it would have to be done through Silverstripe. My experience is that it is better not done through Silverstripe (using the forceSSL). Instead, I used this in my htaccess file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

I found this elsewhere while Googling. This together with my certificate seems to cover both www.example.com and example.com, as well as parked domains I have redirected. If anyone spots anything wrong, I'm happy for you to correct, but I thought the conversation was important enough to start, and I couldn't find any conversation like this in the forum.

*I am putting this here not because I think the answer is perfect, far from it, but because it might help someone else one day who is looking for something like this. I am also using SS 3.1.9.

Return to top