Hi Michael, > My recommendation is to only allow GUI access via HTTPS, which can be > configured via the GUI itself. How would I do this? Can't find a setting (but then I may not be looking in the right place!). I don't want to enable HSTS on the whole box as I suspect this would cause all sorts of other issues with vsites? Thanks Colin