YAFLogo

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
6 years ago
The YAF engine is installed in a subdirectory on our website, and the root folder of the forum looks like domain.com/forum. Our website was working many years through the HTTP protocol, but we have recently bought and installed an SSL certificate to switch to HTTPS. We redirect all requests to HTTPS in Global.asax for the main part of the site (it's a complex algorithm that takes into accounts many things, not only the protocol itself). However, the Global.asax from the root folder doesn't work for the forum subfolder, which is a separate virtual app. What is the best way to enable redirection to HTTPS with the code 301 'Moved permanently' for the forum in our case?

At the moment, I implemented the solution with HSTS in web.config found on StackOverflow . Actually, I added the following node to the node in the web.config in the forum root directory:

<rewrite>
	<rules>
		<rule name="HTTP to HTTPS redirect" stopProcessing="true">
			<match url="(.*)" />
			<conditions>
				<add input="{HTTPS}" pattern="off" ignoreCase="true" />
			</conditions>
			<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
		</rule>
	</rules>
	<outboundRules>
		<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
			<match serverVariable="RESPONSE_Strict_Transport_Security"
				pattern=".*" />
			<conditions>
				<add input="{HTTPS}" pattern="on" ignoreCase="true" />
			</conditions>
			<action type="Rewrite" value="max-age=31536000" />
		</rule>
	</outboundRules>
</rewrite>

Is it a good solution?
Sponsor

YAF Logo Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved
About Us

The YAF.NET is an open source .NET forum project. YAF.NET is supported by an team of international developers who are build community by building community software.

Powered by Resharper Donate with PayPal button