Redirect HTTP to HTTPS?

Posted: Sun Sep 05, 2021 1:56 am
by Friedl
Not intended as criticism, but I noticed that the site supports basic authentication over http, but also supports https. I saw the sticky notice on the front page to use https, but wanted to let you know, in case you didn't, that you can host different content on the TCP 80 and TCP 443 web services, and the http (port 80) one could send a HTTP 302 (or a 301, for that matter) redirect to the https. This would basically prevent users from accidentally logging into the http site with unencrypted creds.

Re: Redirect HTTP to HTTPS?

Posted: Sun Sep 05, 2021 9:20 am
by glasshand
I agree. HTTPS should be the default for everything in this day and age, and visiting a site over HTTP should redirect you to the HTTPS version.

Re: Redirect HTTP to HTTPS?

Posted: Mon Sep 06, 2021 12:53 pm
by golem
As a developer, I endorse this suggestion.

Re: Redirect HTTP to HTTPS?

Posted: Thu Sep 09, 2021 7:02 am
by UrenragK
Agreed, I thought it was already like that - we will get it sorted :)

Re: Redirect HTTP to HTTPS?

Posted: Thu Sep 09, 2021 6:12 pm
by LightWingStudios
Friedl wrote: Sun Sep 05, 2021 1:56 am Not intended as criticism, but I noticed that the site supports basic authentication over http, but also supports https. I saw the sticky notice on the front page to use https, but wanted to let you know, in case you didn't, that you can host different content on the TCP 80 and TCP 443 web services, and the http (port 80) one could send a HTTP 302 (or a 301, for that matter) redirect to the https. This would basically prevent users from accidentally logging into the http site with unencrypted creds.
Site updated...HTTP is now forced to the HTTPS automatically.

Re: Redirect HTTP to HTTPS?

Posted: Thu Sep 09, 2021 8:48 pm
by Friedl
Nice! Thanks

Re: Redirect HTTP to HTTPS?

Posted: Thu Sep 09, 2021 10:07 pm
by glasshand
Now, if you want to be really serious about it, you implement HSTS for the whole domain and get it put on the HSTS preload list... :mrgreen:
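
Added example, not part of the thread or the site's own code: a Python check an operator could run over captured responses to confirm the port 80 redirect suggested in the first post and to see whether a Strict-Transport-Security header meets the preload list requirements mentioned just above. The host `forum.example`, the sample responses and the function names are constructed for illustration, and header names are assumed to be lowercased already.

```python
from urllib.parse import urlsplit

PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age the preload list accepts

def check_redirect(host, status, headers):
    """Judge the plain-HTTP (port 80) response: it must redirect to HTTPS."""
    if status not in (301, 302, 307, 308):
        return "FAIL: port 80 answered %d instead of redirecting" % status
    loc = urlsplit(headers.get("location", ""))
    if loc.scheme != "https":
        return "FAIL: redirect target is not https"
    if loc.hostname != host:
        return "WARN: redirect changes host to %s" % loc.hostname
    return "OK"

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: value or True}."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            out.setdefault(name.lower(), val.strip('"') if val else True)
    return out

def preload_problems(headers):
    """List what keeps the HTTPS response from qualifying for HSTS preload."""
    raw = headers.get("strict-transport-security")
    if raw is None:
        return ["no Strict-Transport-Security header on the HTTPS response"]
    d, problems = parse_hsts(raw), []
    age = d.get("max-age")
    if not (isinstance(age, str) and age.isdigit()):
        problems.append("max-age missing or not a number")
    elif int(age) < PRELOAD_MIN_AGE:
        problems.append("max-age %s is below %d" % (age, PRELOAD_MIN_AGE))
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    if "preload" not in d:
        problems.append("preload directive missing")
    return problems

# Constructed sample responses (status, headers) for a hypothetical host.
HTTP_BEFORE = (401, {"www-authenticate": 'Basic realm="forum"'})
HTTP_AFTER = (301, {"location": "https://forum.example/"})
HTTPS_SHORT = {"strict-transport-security": "max-age=300"}
HTTPS_FULL = {"strict-transport-security": "max-age=63072000; includeSubDomains; preload"}

if __name__ == "__main__":
    print(check_redirect("forum.example", *HTTP_BEFORE))
    print(check_redirect("forum.example", *HTTP_AFTER))
    print(preload_problems(HTTPS_SHORT))
    print(preload_problems(HTTPS_FULL))
```

Browsers ignore an HSTS header received over plain HTTP, so `preload_problems` is only meaningful on the HTTPS response.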

Re: Redirect HTTP to HTTPS?

Posted: Thu Sep 09, 2021 10:20 pm
by LightWingStudios
glasshand wrote: Thu Sep 09, 2021 10:07 pm Now, if you want to be really serious about it, you implement HSTS for the whole domain and get it put on the HSTS preload list... :mrgreen:
Let's not get crazy given our resources and the nature of the site. :)