Securing SSL access to your website

This article applies to 123-reg Shared Hosting packages.

We’ve provided a few examples below of how to detect and deny access if the page has not been accessed via SSL.

On Linux

On our Linux shared hosting accounts, the environment variable SSL will be set when the connection is SSL-secured.

Via .htaccess

On our Linux shared hosting accounts, you can restrict a directory to SSL-only access by putting the following commands in a .htaccess file. This will apply to all files within the directory, and all subdirectories:

  Order deny,allow
  Deny from all
  Allow from env=SSL
 

Any attempt to access this directory over plain HTTP will be denied, while access over SSL will be allowed.

PHP

To restrict access to an individual script, simply add the following lines to the top of your PHP file:

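<?php
// $_ENV["SSL"] is only set when the connection is SSL-secured;
// empty() also covers the case where it is missing altogether.
if ( empty( $_ENV["SSL"] ) ) {
    print "<h2> You are not authorised to access this page.</h2>";
    exit;
}
?>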

 

On Windows

Any SSL connection to our Windows shared hosting accounts will have the HTTP header X-Forwarded-SSL set.

C#

You should make a class called SecurePage which inherits from your main page class (probably System.Web.UI.Page):

using System.Web;

public partial class SecurePage : System.Web.UI.Page
{
    public SecurePage()
    {
        // X-Forwarded-SSL is only present when the connection came in over SSL.
        if (HttpContext.Current.Request.Headers["X-Forwarded-SSL"] == null)
        {
            // Refuse the request with 403 Forbidden and stop processing the page.
            HttpContext.Current.Response.StatusCode = 403;
            HttpContext.Current.Response.StatusDescription = "Forbidden";
            HttpContext.Current.Response.Output.WriteLine("<h2>You are not authorised to access this page.</h2>");
            HttpContext.Current.Response.End();
        }
    }
}

Any attempt to access this page without SSL produces the output:

You are not authorised to access this page.
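To confirm the restriction is in effect after deploying any of the snippets above, request the same path over both schemes and compare the answers. This is an added example, not 123-reg's code: the function names and verdict labels are made up for illustration, and it counts either a 403 or the denial message (which the PHP snippet sends with status 200) as a denial.

```python
import sys
import urllib.error
import urllib.request

# Illustrative names (assumed). Text printed by the page's PHP and C# snippets:
DENIAL_TEXT = b"You are not authorised to access this page"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Surface a 301/302 instead of silently following it to https://.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, timeout=10):
    """Return (status, body) for url without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()  # 3xx/4xx/5xx arrive as HTTPError


def is_denied(status, body):
    """True for the .htaccess/C# 403, or the PHP snippet's 200 + message."""
    return status == 403 or DENIAL_TEXT in body


def verdict(plain, secure):
    """Classify the (status, body) pairs seen over http:// and https://."""
    if is_denied(*secure) or not 200 <= secure[0] < 300:
        return "broken"      # SSL visitors are locked out too
    if is_denied(*plain):
        return "ok"          # plain HTTP denied, SSL served
    if 300 <= plain[0] < 400:
        return "redirected"  # plain HTTP bounced elsewhere, not denied
    return "exposed" if 200 <= plain[0] < 300 else "unexpected"


def check_ssl_only(host, path="/"):
    """Request the same path over both schemes and classify the result."""
    return verdict(fetch("http://%s%s" % (host, path)),
                   fetch("https://%s%s" % (host, path)))


if __name__ == "__main__":
    print(check_ssl_only(*sys.argv[1:3]))  # args: host [path]
```

Run it with your own hostname and a protected path as arguments; "exposed" means the content came back over plain HTTP.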