Monday, February 7, 2022

Re: Off topic slightly - Apache https redirect

Technically the correct way here is to include 'permanent'. This may help search engines do the correct thing.

But there is a problem. At least until a few years ago, the RFC mandated that permanent redirects be cachable forever, and browsers were doing this. Assuming this continues today, if for any reason you ever decide to undo this permanent redirect or point it elsewhere, or simply if you make an error while configuring apache, you are out of luck. In my opinion, this is an error in the RFC, and as someone had commented, it is silly to have a provision that lets you so easily give up control of a resource for ever.

Because of this, I always include this in my apache configuration (not in the host configuration but in the general configuration which applies to all hosts):

Header always set Cache-Control "no-store, no-cache, must-revalidate" "expr=%{REQUEST_STATUS} == 301"
Header always set Expires "Thu, 01 Jan 1970 00:00:00 GMT" "expr=%{REQUEST_STATUS} == 301"

Antonis Christofides  +30-6979924665 (mobile)

On 07/02/2022 23.27, Mike Dewhirst wrote:
Yes ... that's almost what I went with after reading up on the topic. I left the 'permanent' off.

Thanks Bob and everyone.

Cheers

Mike

--
(Unsigned mail from my phone)



-------- Original message --------
From: Bob Kline <bkline@rksystems.com>
Date: 8/2/22 06:30 (GMT+10:00)
Subject: Re: Off topic slightly - Apache https redirect

On Sunday, February 6, 2022 at 9:12:38 PM UTC-5 Mike Dewhirst wrote:
There seems to be a multitude of ways to redirect from http to https.
Any pointers to the absolutely correct way?


How about something like this?

<VirtualHost *:80>
  ServerName example.com
  ServerAlias www.example.com
  Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
  ...
</VirtualHost>

 
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c8c8177d-49c0-45f7-b382-31855ccb6b0an%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/62018eb3.1c69fb81.e0fe.0b9fSMTPIN_ADDED_MISSING%40gmr-mx.google.com.

No comments:

Post a Comment