From 81daec1661bb52228004c1d84d9e89ad08107e70 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <andersk@mit.edu>
Date: Wed, 8 Oct 2014 21:59:52 -0400
Subject: [PATCH] Force HTTPS and enable HSTS

---
 .htaccess | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/.htaccess b/.htaccess
index 37325c0..91e2c1d 100644
--- a/.htaccess
+++ b/.htaccess
@@ -4,14 +4,22 @@
     SetHandler none
 </Files>
 
+<If "%{HTTPS} != 'on' || %{SERVER_NAME} in {'sipb', 'sipb-www.scripts', 'sipb-www.scripts.mit.edu', 'scripts', 'scripts.mit.edu', 'scripts-cert', 'scripts-cert.mit.edu'}">
+RedirectPermanent / https://sipb.mit.edu/
+</If>
+
+Header always set Strict-Transport-Security "max-age=31536000"
+
+# /~sipb-www is only used internally
+<If "reqenv('REDIRECT_STATUS') == '' && %{SERVER_NAME} in {'sipb', 'sipb.mit.edu', 'sipb-www.scripts', 'sipb-www.scripts.mit.edu', 'scripts', 'scripts.mit.edu', 'scripts-cert', 'scripts-cert.mit.edu'}">
+RedirectPermanent /~sipb-www https://sipb.mit.edu
+</If>
+
+Options +FollowSymLinks
+
 RewriteEngine On
 RewriteBase /
 
-# Canonicalize on sipb.mit.edu
-RewriteCond %{HTTP_HOST} !^sipb.mit.edu$ [NC]
-RewriteCond %{HTTPS} !=on
-RewriteRule ^(.*)$ http://sipb.mit.edu/$1 [R=301,L]
-
 # Serve some CGI scripts from _wiki-cgi
 RewriteRule ^ikiwiki.cgi$ _wiki-cgi/ikiwiki.cgi [L]
 RewriteRule ^update.cgi$ _wiki-cgi/update.cgi [L]
-- 
2.45.0