Tuesday 20 January 2004 2:43:54 pm
Hi, I need some parts of my site secured with SSL, and not others. The user login, and many parts of a user restricted area as sensitive information will be passed. Would the best way to do this be to write apache rewrite rules to redirect the user based upon the url. For example, if I wanted to protect /content/view/full/5252 I would write a rule in apache: RewriteRule ^/(content/view/full/5252/.*)$ https://www.mysite.com/$1 [R] And do this for each page I need to protect? Is there an easier way to do it? And is this secure? The only information that would be sent over http in this setup would be the get request right? Then it would be transferred to https and the actual result of the get request (the sensitive data) would be sent over https. Then for my embedded user login form (that sits on my homepage) I would change the post user from http://www.mysite.com/user/login to https://www.mysite.con/user/login and the post request would go over https? Please forgive my ignorance here, I have never done a secure site before.
|