Edge Security
  • Overview
  • DDoS Protection
    • DDoS Protection Overview
    • Exclusive DDoS Protection Usage
    • Configuration of Exclusive DDoS protection Rules
      • Increase DDoS Protection Level
      • Exclusive DDoS Traffic Alarm
      • Configuration IP blocklist/allowlist
      • Configuration Region Blocking Rule
      • Configuration Port Filtering
      • Configuration Features Filtering
      • Configuration Protocol Blocking Rule
      • Configuration Connections Attack Protection
      • Related References
        • Action
        • Related Concepts Introduction
  • Web Protection
    • Overview
    • Managed rules
    • CC attack defense
    • Custom rule
    • Custom Rate Limiting Rules
    • Exception Rules
    • Managed Custom Rules
    • Web security monitoring alarm
    • Refer
      • Web Protection Request Processing Order
      • Action
      • Match Condition
  • Bot Management
    • Overview
    • Bot Intelligent analysis
    • Bot Basic Feature Management
    • Client Reputation
    • Active Detection
    • Custom Bot Rule
    • Bot Exception Rule
    • Related References
      • Action
  • Rules Template
  • IP and IP Segment Grouping
  • Origin Protection
  • Custom Response Page
  • Alarm Notification
  • SSL/TLS
    • Overview
    • Deploying/Updating SSL Certificate for A Domain Name
    • Configuring A Free Certificate for A Domain Name
    • HTTPS Configuration
      • Forced HTTPS Access
      • Enabling HSTS
      • SSL/TLS Security Configuration
        • Configuring SSL/TLS Security
        • TLS Versions and Cipher Suites
      • Enabling OCSP Stapling

Forced HTTPS Access

Overview

You can use 301 or 302 redirects to redirect HTTP client requests to HTTPS requests and send them to EdgeOne. Forced HTTPS access is used to improve website security and protect user privacy. If your business needs to safeguard user privacy and other sensitive information, we recommended you enable this feature to ensure that data is encrypted during transmission.

1. The client initiates an HTTP request.
2. The EdgeOne node responds with a 301 or 302 status code.
3. The client is redirected to initiate an HTTPS request.

Scenario 1: Enabling Forced HTTPS Access for All Domain Names

To enable forced HTTPS access for all domain names used to access the current site, refer to the following information.

Prerequisites

You have configured SSL certificates for all domain names used to access the current site as instructed in Certificate Configuration.

Directions

1. Log in to the Tencent Cloud EdgeOne console, enter Service Overview in the left menu bar, and click the site to be configured under Website Security Acceleration.
2. On the site details page, click Site Acceleration to enter the global site configuration page. Then click HTTPS in the right sidebar.
3. On the forced HTTPS configuration card, toggle on the Site-wide setting switch to enable this feature for the entire site.

Off (default): EdgeOne does not perform any redirection, regardless of the request protocol used by a client. The client accesses an EdgeOne node via the original protocol.
On: You may choose to redirect HTTP requests made by a client to HTTPS by using a 301 or 302 redirect. HTTPS requests made by a client will not be redirected.

Scenario 2: Enabling Forced HTTPS Access for Specified Domain Names

To enable forced HTTPS access for specified domain names used to access the current site, refer to the following information.

Prerequisites

You have configured SSL certificates for the specified domain names used to access the current site as instructed in Certificate Configuration.

Directions

1. Log in to the Tencent Cloud EdgeOne console, enter Service Overview in the left menu bar, and click the site to be configured under Website Security Acceleration.
2. On the site details page, click Site Acceleration to enter the global site configuration page. Then click the Rule Engine tab.
3. On the rule engine management page, click Create rule and select Add blank rule.
4. On the page that appears, select HOST from Matching type and specify an operator and a value to match the requests of specified domain names.
5. From the Action drop-down list, select Forced HTTPS. Then, click Switch.

6. Click Save and publish.