Our company runs a website which currently supports only http traffic. We plan to support https traffic too as some of the customers who link to our pages want us to support https traffic.
Our website gets moderate amount of traffic, but is expected to increase over time.
So my question is this:
Is it a good idea to make our website https only?(redirect all http traffic to https) Will this bring down the websites performance?
Has anyone done any sort of measurement?
PS: I am a developer who also doubles up as a apache admin.
How do I use mod_perl2 and Apache Bucket Brigades?
Open Microsoft Word in Java
Slow Client connection blocks Mongrel
Of course the real answer is: don't guess, benchmark it.
Handling web requests on server side
Try it both ways and see the difference.
MySQL error “No Database Selected”
You can use tools like
abto simulate traffic..
Apache FilesMatch - matching a folder in the regular expression
Also, I think you may have more luck with this question over at http://www.serverfault.com/.
Php 5.3 or 6 windows install [closed]
Session Management in TWebModule
different continents, especially Australasia where latency to America/Europe is quite high) it makes a dramatic difference and will severely impact the user experience.. There are things you can do to mitigate it, such as ensuring that keep-alives are on (But don't turn them on without understanding exactly what the impact is), minimising the number of requests and maximising the use of browser cache.. Using HTTPS also affects browser behaviour in some cases.
Certain optimisations tend to get turned off for security reasons, and some web browsers don't store objects loaded over HTTPS in the disc cache, which means they'll need to get them again in a later session, further impacting the user experience.. * An estimate based on some informal measurement.
Is it a good idea to make our website https only?(redirect all http traffic to https) Will this bring down the websites performance?.I'm not sure if you really mean all HTTP traffic or just page traffic.
This kind of content comprises most of the data transferred in a request so if you do find feel that HTTPs is taking too much out of the system you can recommend the programmers separate content that needs to be secured from the content that does not..
Most production servers I've seen are under 10%, even when using some SSL traffic.
I think it would be best to see where your current CPU usage is at, and then do some of your own benchmarking to see how much extra CPU usage is used by an SSL request.
I would guess it isn't that much..
Page loading speed might be little slower, because your server has to perform redirection operation unnecessarily for each web page request.
It is better idea to make only pages as https that may contain secure/personal/sensitive information of users or organization.
Even if the user information passing through web pages, you can use https.
The web page which have information that can be shown to all in the world can normally use http.
Finally, it is up to your requirement.
If all pages contain secure information, you may make the website as https only..