[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: people.debian.org redirecting browsers to HTTPS (was: people.debian.org will move from ravel to paradis and become HTTPS only)

On 07/21/2014 12:19 AM, Peter Palfrader wrote:
> On Sun, 20 Jul 2014, Wouter Verhelst wrote:
> 
>>>> These are all good arguments for enabling HTTPS and making it the
>>>> default (which I've said repeatedly is a move that I support, or at the
>>>> very least don't oppose), but not for *disabling* the possibility of
>>>> plain HTTP.
>>>
>>> Pray tell: How do you make it default.
>>
>> - Enable HSTS on the domain
>> - Run "sed -i -e 's,http://people.debian.org,https://people.debian.org,g'"
>>   over a webwml export.
>> - Create a robots.txt file which is visible from the HTTP export (but
>>   not from the HTTPS one) which looks like this:
> 
> None of these brings people who type in people.debian.org into their
> browser to https.

This could be achieve with mod_rewrite and parsing the user agent:

RewriteEngine  on
RewriteCond %{HTTP_USER_AGENT}  ^SomeBrowser/(.*)$
RewriteRule ^(.*)$ https://test.domain.com/$1 [L,R=302]

This could be implemented in the vhost directive, and makes HTTPS
mandatory for the user agent SomeBrowser, the HTTP being effectively not
reachable for it.

Thomas Goirand (zigo)
Reply to: