How to force https: browsing on your app


#1

hi,

i’ve got my app running on a dedicted linux box running lighttpd.

i have an ssl certificate installed and if i go to https://mysite.com
then i get to view the site over a secure connection as expected.

however, if the user just enters www.mysite.com then the browser will
use http: by default instead of https:.

does anyone know how to force connections to use https, or how to
redirect urls with http: to their https: equivalent?

-john


#2

i’ve got my app running on a dedicted linux box running lighttpd.

i have an ssl certificate installed and if i go to https://mysite.com
then i get to view the site over a secure connection as expected.

however, if the user just enters www.mysite.com then the browser will
use http: by default instead of https:.

does anyone know how to force connections to use https, or how to
redirect urls with http: to their https: equivalent?

Somewhere within the ‘request’ object there’s got to be a protocol
attribute. If that’s not “https” then redirect them. You could do this
check as a before_filter in application.rb to cover all your bases.

-philip


#3

On 1/24/07, Philip H. removed_email_address@domain.invalid wrote:

redirect urls with http: to their https: equivalent?

Somewhere within the ‘request’ object there’s got to be a protocol
attribute. If that’s not “https” then redirect them. You could do this
check as a before_filter in application.rb to cover all your bases.

-philip

Philip,

The ssl_requirement plugin by DHH is highly recommended for this type
of thing. Very easy to use.

Repos:
http://dev.rubyonrails.org/browser/plugins/ssl_requirement

Install:
$./script/plugin install ssl_requirement


Zack C.
http://depixelate.com