Force https:// on Eramba

Hi!

Is there a configuration parameter somewhere that will force the use of https:// everywhere on Eramba? We have an AWS load balancer managing the certificates, and it works most of the time, but sometimes fails - like with the Vendor Assessment login, which drops back to http:// after login.

This is mostly something we have to fix on the balancer side of things I guess - but if a parameter exists it would be great to test it!

Did you modify the Default Apache Virtual Host File to redirect all HTTP traffic to the SSL version of the site?

This is something I asked support recently too; they replied that it's not currently an option (because no one has asked for it yet) but that they would add it to their backlog of things to add.

One thing that you can do as a workaround is to set an HSTS header from your webserver. See https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet for details.

The other thing I have done on the AWS side is to use the new redirect capability to always force a redirect from http to https at the load balancer rules.
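The Apache-side redirect and HSTS header suggested in the replies above, sketched for a server that sits behind a TLS-terminating load balancer. This is an added example, not part of the original thread and not Eramba's own configuration. The ServerName and DocumentRoot are placeholders, mod_rewrite, mod_setenvif and mod_headers are assumed to be enabled, and it is an assumption that the application reads the HTTPS environment variable.

```apache
# Constructed example: vhost receiving plain HTTP from the load balancer.
<VirtualHost *:80>
    # Placeholder values, replace with your own.
    ServerName eramba.example.com
    DocumentRoot /var/www/html

    # The balancer terminates TLS, so Apache always sees HTTP and %{HTTPS}
    # is always "off". Decide on the X-Forwarded-Proto header instead.
    # Requests without that header (for example balancer health checks)
    # are not redirected.
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # Mark requests that reached the balancer over HTTPS.
    # Assumption: the application builds its URLs from this variable.
    SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on

    # Send HSTS only on responses to requests that arrived over HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</VirtualHost>
```

X-Forwarded-Proto is only trustworthy when the instance accepts traffic from the load balancer alone, so restrict the security group accordingly.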

Thank you for your feedback! We will look into this!

Love that this forum is so active even for a “niche” product like this!