Having backend secured
This is an open discussion with 3 replies, filed under General.
Search
You might want to use a redirect rather than a rewrite. Right now you are not really encrypting the traffic between the server and the browser, but only between the server and the... server.
A set of flags like [NC, L, R=301] seems more appropriate.
Without spaces though, like
[R=301,L,NC]
as spaces cause a 500
error.
Thanks so much for your comments!
I will incorporate it and also update the example above. Have to finish some stuff first.
Create an account or sign in to comment.
Just trying: To imply for a secured connection to backend without having users need to remember to type
https
everytime they're entering backend (or do other stuff they can forget about or bypass), I slightly edited.htaccess
's### ADMIN REWRITE
section fromto following:
The
RewriteCond
s takes care about my local dev environment to omit it on my localhost.Why not to use
https
for the whole site then? It depends. One reason can be (my case) you have only a self-signed certificate provided by your hosting, which provides some encryption but you don't want to bug the general visitor with thenon trusted
warning stuff.