mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-03-11 09:04:54 +00:00
e7399a4d8e
Tests: - Without the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that redirection to https happens. - Without the patch, run curl -kv http://localhost. Observe that redirection to https happens. - With the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that redirection to https does not happen. - With the patch, run curl -kv http://localhost. Observe that redirection to https happens. [sunil: Perform case insensitive match] [sunil: Remove capture of domain name match] [sunil: Strictly check that domain ends with .onion] Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org> Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
19 lines
604 B
Plaintext
19 lines
604 B
Plaintext
##
|
|
## When enabled allows only SSL traffic onto Plinth. This is done by
|
|
## redirecting non-secure traffic to secure traffic. The redirect is
|
|
## permanent as recommended in:
|
|
## http://tools.ietf.org/html/rfc6797#section-7
|
|
##
|
|
## Requires the following Apache modules to be enabled:
|
|
## mod_rewrite
|
|
## mod_ssl
|
|
##
|
|
<Location /plinth>
|
|
RewriteEngine on
|
|
# Don't redirect for onion sites as it is not needed and leads to
|
|
# unnecessary warning.
|
|
RewriteCond %{HTTP_HOST} !^.*\.onion$ [NC]
|
|
ReWriteCond %{HTTPS} !=on
|
|
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
|
</Location>
|