After scouring the web for several days, I've finally decided to create a thread (my first!) here...
I am at a loss.
I have a php-based website (say, example.com) set up in its own public_html directory, with SSL certification for both "example.com" and "www.example.com".
The https-prefixed version works great across the entire site, without issue.
However, since I advertise my website as simply "example.com", I want people to be able to simply type that in, and not the full "Example Domain" to be able to access the secure site.
I also have SSLv3 (for POODLE vulnerability) disabled via the include editor in WHM, as suggested by whynopadlock.com's analysis.
Unfortunately, now all users who enter the web address without the "https://" prefix get sent to a page saying nothing more than "Index of" with links to "cgi-bin/" and "www/" below, with the error "Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Server at www.example.com Port 80" below that.
I have tried every combination of rules & rewrites I've found for htaccess, with absolutely no change.
I have attempted to add PHP code for redirection at the top of web pages, but they do not even get loaded.
I have used cPanel's built-in Redirects tool, with absolutely no difference made (though I see the changes made within htaccess file). Clicking on the directory "/" in the listed redirects sends me to the same "Index of" page.
Should I ditch the SSLv3 disabling, and just use a redirect function in PHP to ensure all pages are the https version? Or would that then be opening the POODLE vulnerability again.
I'm not a server-admin expert, at all. Any suggestions would be appreciated.
I am at a loss.
I have a php-based website (say, example.com) set up in its own public_html directory, with SSL certification for both "example.com" and "www.example.com".
The https-prefixed version works great across the entire site, without issue.
However, since I advertise my website as simply "example.com", I want people to be able to simply type that in, and not the full "Example Domain" to be able to access the secure site.
I also have SSLv3 (for POODLE vulnerability) disabled via the include editor in WHM, as suggested by whynopadlock.com's analysis.
Unfortunately, now all users who enter the web address without the "https://" prefix get sent to a page saying nothing more than "Index of" with links to "cgi-bin/" and "www/" below, with the error "Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Server at www.example.com Port 80" below that.
I have tried every combination of rules & rewrites I've found for htaccess, with absolutely no change.
I have attempted to add PHP code for redirection at the top of web pages, but they do not even get loaded.
I have used cPanel's built-in Redirects tool, with absolutely no difference made (though I see the changes made within htaccess file). Clicking on the directory "/" in the listed redirects sends me to the same "Index of" page.
Should I ditch the SSLv3 disabling, and just use a redirect function in PHP to ensure all pages are the https version? Or would that then be opening the POODLE vulnerability again.
I'm not a server-admin expert, at all. Any suggestions would be appreciated.