I want to block port 80 (HTTP) completely and only allow HTTPS requests. I have found many examples of how to redirect from HTTP to HTTPS but I would prefer to display an error instead. I cannot block port 80 in my config file as my hosting provider does not allow me to modify these files. If possible, how can I achieve the same results with htaccess.
The reason for me wanting this on my api.domain.com is for added security after reading this article .
Quote from article...
Aside from abandoning HTTP Basic altogether there is an easy fix. close port 80 on your API host. This stops a connection being made dead in its tracks, preventing any credentials being sent in the clear
Try:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/error\.php
RewriteRule ^ http://%{HTTP_HOST}/error.php [L,R]
or
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ - [L,F]
Can you please try this:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} !/error\.php
RewriteRule .? https://%{HTTP_HOST}/error.php [L,R]
OR
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/error\.php
RewriteRule ^ https://%{HTTP_HOST}/error.php [L,R]
This will check if server port is 80
It will redirect all requests to error.php
Apache httpd has a special directive for this, SSLRequireSSL , which gives a 403 error otherwise. (You could use ErrorDocument if you want a better error message and don't otherwise need 403.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.