If you want to only allow TLS on your site, we have you covered. We've built a switch into the request settings that will allow you to force unencrypted requests over to TLS. It works by returning a 301 Moved Permanently response to any unencrypted request, which redirects to the TLS equivalent. For instance, making a request for http://www.example.com would redirect to https://www.example.com.
NOTE: Because requests can still happen over HTTP first even if you force a TLS redirect using these instructions, we recommend enabling HSTS as well. Fastly provides a different switch that lets you easily force TLS and enable HSTS at the same time. Alternatively, you can follow these instructions to force a TLS redirect and manually enable HSTS later.
These instructions assume that you've set up TLS service with Fastly.
Forcing a TLS redirect
To force a TLS redirect, follow these steps:
- Log in to the Fastly web interface.
- From the All services page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
- Click the Settings link. The Settings page appears.
Click the Create request setting button. The Create a request setting page appears.
- Fill out the Create a request setting fields as follows:
- In the Name field, type a human-readable name for the request setting. This name is displayed in the Fastly web interface.
- From the Force TLS menu, select Yes.
- Click the Create button to save your request setting changes.
- Click the Activate button to deploy your configuration changes.