[ic] RFC: New AlwaysSecureGlob directive

Peter peter at pajamian.dhs.org
Sun Mar 26 00:17:31 UTC 2017

On 26/03/17 12:56, Jon Jensen wrote:
> The AlwaysSecure directive requires an exact match of the page name and
> it's not possible to enumerate all the admin URLs or ActionMaps that
> should be generated secure-only, so this new directive makes that
> possible with wildcard matching.

I like this idea but I think it's time is fast passing.  Recommendations
nowadays (especially with pushes from Google, etc) are that the *entire
site* should be served up as https, and this is easily done with an
httpd redirect and setting VendURL to https://... So with that in mind
specifying which pages should always need to be secure becomes a bit


More information about the interchange-users mailing list