Option to prevent non SSL connections

[ACP-1711] Option to prevent non SSL connections
Type	Enhancement
Priority	High
Severity	Minor
Component	Main Program
Fixed In Version	[8.3] 8.3
Versions Affected	[8.2.2a] 8.2.2a
Severity	Closed
Resolution	Complete

Reported By	Bob Denny
Resources	Bob Denny
Start Date	2/19/2020

Description

See this Comm Center thread by Sandra Carroll. Rather than disabling the server on port 80, though, force a redirect to https://. This will avoid people seeing a dead server if they try to connect with http://. Must allow plain HTTP GET on the .well-known paths for CA domain validation via ACME or SSL.com.

Comments

2/20/2020 9:56:12 AM

Bob Denny


 
  SVN Comment
 
 
  Author
  rbdenny
 
 
  Repository
  svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
 
 
  SVN Revision
  1239
 
 
  Affected files
  /trunk/ACP Help/relnotes.htm (Modified)
/trunk/ACP.vbp (Modified)
/trunk/ASPResponse.cls (Modified)
/trunk/Main.bas (Modified)
/trunk/frmPrefs.frm (Modified)
/trunk/frmPrefs.frx (Modified)
/trunk/frmWebServer.frm (Modified)

 
 
  Check-in comment
  Add feature to force web traffic to SSL. Change redirects to 301 (as should be). 
GEM:1711

2/19/2020 3:42:38 PM

Bob Denny

Change Redirect functions in frmWebServer and the ASPResponse object to send 301/MovedPermanently.