Requiring HTTPS on all pages

How To require that all pages be served with HTTPS instead of HTTP. The best way is to prevent any and all HTTP requests. This may not be possible and would require configuring your HTTP server to reject any requests on port 80.

You can however make sure that all of your HTML/OS pages stop delivery of anything not requested over HTTPS.

First edit your htmlos.conf file and look for a line with ServiceType in it

ServiceType https

Next, you will need to protect any potential point of entry, like /system/login.html and /system/rs.html also on any startlinks you might have. Make sure all of these pages have this snip of code at the top of them. Your code might look something like this…

<<
 if getenv('HTTPS')='ERROR' then
  # Force HTTPS /#
  goto 'https://'+domainname+getenv('REQUEST_URI')
 /if
>>

Placing that little snip of code at the start of all your HTML/OS pages will prevent them from being delivered over HTTP.

To verify your code is working take any page and change the https://... to http://... and load it. If it loads over HTTP then you have a problem and need to make sure you have the conditional on the page.

To protect /system/rs.html and /system/login.html do the following

First copy /system/rs.html to /system/rsAESTIVA.html and /system/login.html to /system/loginAESTIVA.html

Next create a new /system/rs.html and add the following code to it...

<<
 if getenv('HTTPS')='ERROR' then
  # Force HTTPS /#
  goto 'https://'+domainname+getenv('REQUEST_URI')
 /if
 goto '/system/rs.html'
>>

And lastly Next create a new /system/login.html and add the following code to it...

<<
 if getenv('HTTPS')='ERROR' then
  # Force HTTPS /#
  goto 'https://'+domainname+getenv('REQUEST_URI')
 /if
 goto '/system/login.html'
>>