How to Force Users to Access My Page Over Https Instead of Http

Forcing HTTPS over HTTP

You can leave it in the root directory but change it to:

RewriteRule ^(your-directory/.*)$$1 [R,L]

Keep in mind, though, that before the redirect happens, the cookies and query parameters with possibly sensitive data has already been sent in clear text, so remember to use the secure cookie atribute if you use cookies.

force http instead of https only for a particular file

Your question is not very clear but try this .htaccess code:

Options +FollowSymLinks -MultiViews
RewriteEngine on

RewriteCond %{QUERY_STRING} ^parameter1=.*$ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^test\.php/?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA,NC]

This will redirect ONLY if QUERY string parameter1=something is present in the original URL. If you want to redirect all /test.php URIs to https then remove the 1st RewriteCond line.

Spring Boot Security using http instead of https when forwarding to login page

You should configure the ALB to terminate SSL (i.e. register certificate etc). If this is configured correctly, the ALB will automatically add a header (X-Forwarded-Proto) that tells Spring Security that it needs to use HTTPS for its redirects.

Related Topics

Leave a reply