How to tell if my client is running a secure connection (SSL)

0 投票
最新提问 用户: (120 分)

I am making a self-hosted app, and I would like to require HTTPS since sensitive informations might be sent. How can I tell if client is using a secure connection ?

  • I could use javascript in the browser, but this wouldn't be secure (since an attacker could just bypass this)
  • The node server might be running as HTTP, but behind a secure nginx/apache proxy.
  • Optionnally, I would need to enforce this rule every time someone is making a request.
发表于 用户: (100 分)
What is the problem with option 2 (run node server using HTTP, behind an HTTPS proxy)? You can restrict server port access and only allow localhost (the nginx/apache) to access the node server.
发表于 用户: (120 分)
Sorry my post might be unclear. Option 2 isn't an option, but another issue (since the host has to deal with the apache/nginx configuration).

1个回答

0 投票
最新回答 用户: (1.7k 分)

Well you can configure your web server so it redirects the user to the HTTPS url from a HTTP url. Apache htaccess is commonly used ensure that a website is accessible only over HTTPS. See this link for more information: http://www.askapache.com/htaccess/ssl-example-usage-in-htaccess/#redirect-http-to-https

发表于 用户: (120 分)
Since it is self-hosted, the user has to deal with the nginx/apache configuration. I would like to ensure he has setup https setup
欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...