Avoid landing page redirects

(Danil Antoshkin) #1


code.mauladen.ru {
    proxy / https://code.mauladen.ru:3000
    header / {
	    Strict-Transport-Security "max-age=15768000;"
	    X-XSS-Protection "1; mode=block"
	    X-Content-Type-Options "nosniff"
	    X-Frame-Options "DENY"
        Cache-Control "max-age=2592000;"

http://www.code.mauladen.ru, https://www.code.mauladen.ru {
  redir / https://code.mauladen.ru

How can I solve this problem?

(Matthew Fay) #2

Hi @Mauladen,

The first redirect is HTTP->S, and you especially want visitors to use HTTPS if there’s a login form involved.

The second redirect must have been issued by the app running on port 3000. It looks like it’s directing unauthorized users to the login page.

A good strategy to avoid this would be to redesign your website to have a HTTP-accessible landing page that doesn’t require the client to be logged in. Other than doing that, it’s not a problem that needs solving.