paazmaya.fi

The Website of Juga Paazmaya | Stories about web development, hardware prototyping, and education

SSLRequireSSL setting in Apache

The simplest way is usually the best and even takes the longest time in its search. Well recently I was building something, where I should limit the access only to https:// (as opposite of https:// where no SSL encryption occur).

The simplest way is often the most effective, even if it takes a bit more time. Recently, I was constructing something requiring access only via https://, unlike http:// which lacks SSL encryption.

Simply adding the [SSLRequireSSL](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl "Deny access when SSL is not used for the HTTP request") directive to the definition of an access point in the Apache configuration makes it require the use of SSL encryption.

It’s worth noting that setting up redirection from standard HTTP to HTTPS should also be implemented.