Overview
Menu

Forced HTTPS Access

Overview

You can use 301 or 302 redirects to redirect HTTP client requests to HTTPS requests and send them to EdgeOne. Forced HTTPS access is used to improve website security and protect user privacy. If your business needs to safeguard user privacy and other sensitive information, we recommended you enable this feature to ensure that data is encrypted during transmission.

1. The client initiates an HTTP request.
2. The EdgeOne node responds with a 301 or 302 status code.
3. The client is redirected to initiate an HTTPS request.

Scenario 1: Enabling Forced HTTPS Access for All Domain Names

To enable forced HTTPS access for all domain names used to access the current site, refer to the following information.

Prerequisites

You have configured SSL certificates for all domain names used to access the current site as instructed in Certificate Configuration.

Directions

1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target site.
2. On the site details page, choose Site Acceleration > HTTPS to go to the HTTPS page.
3. On the forced HTTPS configuration card, toggle on the Site-wide setting switch to enable this feature for the entire site.

Off (default): EdgeOne does not perform any redirection, regardless of the request protocol used by a client. The client accesses an EdgeOne node via the original protocol.
On: You may choose to redirect HTTP requests made by a client to HTTPS by using a 301 or 302 redirect. HTTPS requests made by a client will not be redirected.

Scenario 2: Enabling Forced HTTPS Access for Specified Domain Names

To enable forced HTTPS access for specified domain names used to access the current site, refer to the following information.

Prerequisites

You have configured SSL certificates for the specified domain names used to access the current site as instructed in Certificate Configuration.

Directions

1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target site.
2. On the site details page, click Rule Engine.
3. On the rule engine management page, click Create rule.
4. On the page that appears, select HOST from Matching type and specify an operator and a value to match the requests of specified domain names.
5. From the Operation drop-down list, select Forced HTTPS. Then, select a redirect method.


6. Click Save and publish.