Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Moving A Website To Https

Featured Replies

I run a few websites, and I've been thinking about moving them to use https connections, mostly to protect login credentials. But if I go to that trouble, why not run the *whole* website over https, since it would presumably offer some additional security benefits? Would there be any significant performance hit or problem likely to arise from using https connections site-wide?

No performance issue realistically, though getting the certificate managed so surfers are not confronted with the This certificate doesn't match the domain style messages can be frustrating depending on your hosting set-up.

Regards

Edited by A_Traveller

I run a few websites, and I've been thinking about moving them to use https connections, mostly to protect login credentials. But if I go to that trouble, why not run the *whole* website over https, since it would presumably offer some additional security benefits? Would there be any significant performance hit or problem likely to arise from using https connections site-wide?

There is not really a reason not to run a secure connection. There are a few issues you should be aware of though.

1. You need a certificate signed by Verisign or similar, which will cost you money every year. You can use your own certificate, but every time a user visit your site a warning message will appear.

2. Some servers require an individual IP for each certificate. This can be overcome with aliases or virtualization. In other words if you have virtual hosts on the same server, you can run into trouble.

3. It takes a little more administration, since you have to renew the certificate every year.

  • Author

Thanks for the replies. I have a VPS and it comes with a few fixed IPs, so that should be ok.

No performance issue realistically, though getting the certificate managed so surfers are not confronted with the This certificate doesn't match the domain style messages can be frustrating depending on your hosting set-up.

Regards

Do you mean when they get the error because they accessed http://domain.com instead of http://www.domain.com, etc? You should be able to overcome this problem with a few additions to your root .htaccess file:

<pre style="margin-top: 0pt; display: inline;">RewriteEngine on
 rewritecond %{http_host} ^domain.com [nc]
 rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc]</pre>

Not my code, it's from here.

^ Agreed, there are other causes too, but many hosters do not provide access to the .htaccess and/or rewrite directive, hence my admittedly short 'hosting set-up' point.

Regards

It is a standard warning that come when the client connecting doesn't know the signer of the certificate.

http://en.wikipedia.org/wiki/Ssl_certificate

The only way you can prevent this message from appearing is by getting a certificate from a provider like Verisign. There are many alternatives, but not all are supported in all clients.

I disagree. Although encrypting the markup won’t have too much overhead involved, encrypting things like images on the other hand will. If you have something like <img src="/image.jpg"> in your page, and the page is downloaded using https, then that's going to direct the browser to download the image from https://domain/image.jpg which will encrypt the transfer. If you reference all your images like <img src="http://domain/image.jpg"> on a page called using https then you'll get the "this page displays secure and non secure items" dialogue popping up.

Only use https where you need to.

Edited by malcolmswaine

Only use https where you need to.

/agree

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.