Enforcing SSL for a Site

Overview

The SSL Enforced option does not enforce all sessions to SSL (it does not redirect all HTTP traffic to HTTPS) but rather, causes any user who visits the site over HTTP to receive an error page. This means that unsecured pages will not be accessible while this option is enabled.

 


Information

Prerequisites

A host/superuser account. Hosts have full permissions to all sites in the DNN instance.

 

Environment

  • DNN Platform
  • Evoq Content
  • Evoq Engage

 


Process

  1. Navigate to Persona Bar >  Settings > Security.
  2. Click on the More tab. 
    SSL.JPG

     

  3. View the SSL Settings tab.
  4. Configure any of the following settings as needed:

    1.png

    • At SSL Enabled? Mark the checkbox if an SSL Certificate has been installed for this site. 
    • At SSL Enforced? Mark the checkbox if pages which are not marked as secure are not to be accessible with SSL (https). 
    • In the SSL URL text box, enter a URL which will be used for secure connections for this site. This is only required if the SSL Certificate does not match the standard URL, e.g.: "www.secure.domain.com".
    • In the Standard URL text box, enter the standard site URL for non-secure connections.
    • In the SSL Offload Header Value set the name of the HTTP Header that will be checked to see if a network balancer has used SSL Offloading.
  5. Click the Save button.

     


Confirmation

If the user tries to access a site via HTTP, they should automatically get redirected to the HTTPS version of the site, while SSL is enabled. 

If the SSL Enforced option is enabled as well, any user going to a site via HTTP would get a 403 error and not get automatically redirected.

Back to top

Comments

0 comments

Please sign in to leave a comment.