Forum

RequireSSL = yes|no

kfft
30 June 2010, 04:06
RequireSSL works in VirtualHost but does not seem to work in the first host.
Am I missing something?
Why is that? What about if I want the first host to redirect to https?

Thanks
Hugo Leisink
30 June 2010, 09:07
I can't remember the reason why I disabled RequireSSL for the default host. You can remove this limitation on line 641 in serverconfig.c.

Remember that it's good practice to use the IP address of your server as the hostname of the default host and give it a blank page. With this, automated scan and hack scripts won't find your websites, because they search by IP address.

Use virtual hosts for your real websites.
kfft
30 June 2010, 11:24
I haven't used virtualhost so far because Hiawatha always detects 192.168.0.1 whether I access the site using its name or using its IP address, but I will investigate why.
kfft
1 July 2010, 02:33
My hostnames work fine. I have found out that the reason why 'RequireSSL = yes' does not work is probably because my port 80 is blocked by my ISP. My domain never gets visited on port 80!

One Comment
--------------------
"Remember that it's good practice to use the IP address of your server as the hostname of the default host and give it a blank page. With this, automated scan and hack scripts won't find your websites, because they search by IP address."

Instead of an empty page, isn't it better to just deny all access in this hostname with my IP? Even safer than an empty page, isn't it?
Hugo Leisink
13 July 2010, 09:13
Denying access or giving a blank page has the same effect: the hack script won't find any web form. Static pages can't contain a vulnerability, because they're static. It's the CGI scripts which can be exploited if they contain a bug.
This topic has been closed.
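
The layout recommended in this thread (default host named after the server's IP address, real sites in VirtualHost sections with RequireSSL) can be checked with a small configuration audit. This is an added example, not code from the thread or from the Hiawatha project; the `Key = Value` / `Section { ... }` syntax it parses is an assumption about the configuration file, and the sample configuration and hostnames are constructed.

```python
import ipaddress

# Constructed sample; "Key = Value" lines and "Section { ... }" blocks are assumed syntax.
SAMPLE_CONF = """\
Hostname = www.example.org
RequireSSL = yes
VirtualHost {
    Hostname = shop.example.org
    RequireSSL = yes
}
VirtualHost {
    Hostname = blog.example.org   # RequireSSL missing
}
"""

def parse(conf):
    """Return (default_host_options, [virtual_host_options, ...])."""
    default, vhosts, current = {}, [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            current = {}  # options of other section types are collected but ignored
            if line[:-1].strip().lower() == "virtualhost":
                vhosts.append(current)
        elif line == "}":
            current = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (default if current is None else current)[key.lower()] = value
    return default, vhosts

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(conf):
    default, vhosts = parse(conf)
    findings = []
    if not is_ip(default.get("hostname", "")):
        findings.append("default host: Hostname is not an IP address")
    if default.get("requiressl", "no").lower() == "yes":
        findings.append("default host: RequireSSL set, but the thread says it is ignored here")
    findings += [f"{vh.get('hostname', '?')}: RequireSSL is not enabled"
                 for vh in vhosts if vh.get("requiressl", "no").lower() != "yes"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```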