Page 41 - Cyber Warnings
P. 41
Enable HTTPS
Strictly speaking, HTTPS is not a protocol in and of itself, but it is rather HTTP encapsulated in
TLS/SSL. TLS, or SSL, as it is commonly referred to, provides websites and web applications
with encryption of data being transmitted and authentication to verify the identity of a host.
HTTPS is usually synonymous with shopping carts and Internet banking, but in reality, it should
be used whenever a user is passing sensitive information to the web server and vice-versa.
Most sites do not necessarily need to serve their entire site over TLS, however, since Drupal
does not have an administrator-specific area, it’s strongly advised that TLS/SSL is not only
implemented, but enforced.
In order to enforce TLS/SSL on your Drupal site in Apache HTTP Server, you will need to add
the following configuration in your Drupal site’s .htaccess file (this is usually located in your
website’s root directory).
41 Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
