HTTPS Traffic

Product Tech Tips Index

Problem:

Enforcing all website traffic to be HTTPS

Background (optional):

Web servers sometimes redirect browsers to an HTTP port, even if the original request was HTTPS encrypted.

Solution:

In the WebMux farm setup, enable “tag SSL–terminated HTTP requests.” This will add the MIME header “X-WebMux-SSL-termination:true” to decrypted traffic.

This MIME header is sent to the real server as an indication that the original connection was using HTTPS. You will need to write a script on your server that will properly process that information so that it will not try to redirect the connection back to HTTP.

You may also force all traffic to be HTTPS by rewriting the URL. Modify the Apache httpd.conf file by:

RewriteEngine On
RewriteCond%{HTTP:X-WebMux-SSL-terination}!^.*true
RewriteRule(.*)https://%{SERVER_NAME}%{REQUEST_URI}[R,L]RewriteLog/var/log/httpd/rewrite_log
RewriteLogLevel1

If you use the Microsoft IIS 6 server, you can avoid checking and rewriting each URL:

  1. Open the IIS MMC tool and select properties for the site.
  2. Go to the directory security tag.
  3. In the secure communications, click the edit button at the bottom.
    Check the required secure channel option.
  4. Go to the custom error tab to select 403;4 error and setup response “Redirect(“https://my.site.com/my-error-msg.html”).

If you use the Microsoft IIS 7 server, follow these steps, to require the Secure Sockets Layer:

  1. Open IIS Manager and navigate to the level you want to manage
  2. In the Features view, double-click SSL Settings
  3. Select “Require SSL”
  4. In the Actions pane, click Apply

If you wish to rewrite the URL from IIS 7, you will have to download the module separately from the Microsoft website.