diy solar

Insecure web site

The redirect does what he says, but of itself there's nothing really wrong with that. The de facto has become HTTPS, but I appreciate the fact that the forum still permits people to use HTTP because there are old mobile devices out there that don't have support for newer TLS versions. Modern versions of browsers (Chrome, Firefox, Safari, etc.) will attempt HTTPS themselves automatically, but I have seen instances where people have turned that automatic switch to HTTPS off for some reason but may not realise it.
 
Certain WiFi connections can be very picky and will actually team up with your web browser's firewall and prohibit you from accessing sites that do not satisfy all of the credential requirements. Try another ISP location.
 
The redirect does what he says, but of itself there's nothing really wrong with that. The de facto has become HTTPS, but I appreciate the fact that the forum still permits people to use HTTP because there are old mobile devices out there that don't have support for newer TLS versions. Modern versions of browsers (Chrome, Firefox, Safari, etc.) will attempt HTTPS themselves automatically, but I have seen instances where people have turned that automatic switch to HTTPS off for some reason but may not realise it.
You misspelled realize ... (snicker) ..
 
A lot of web pages show up as not secure when the browser doesn't see the security certificate as current. This is not even thread worthy. Chrome in particular sees a lot of web pages as not secure. What browser are you using, and is it up to date?
 
Looks good to me:
The problem is NOT the secure server at https://diysolarforum.com. The problem is both http://diysolarforum.com and http://www.diysolarforum.com redirect to an unsecure (http) server.
Note that http and https are different servers. http is on port 80 and https is on port 443.

I also noticed that when I get notifications via email, all the links point to the insecure http server instead of the https server.

Let me know if you need more help understanding the issue.

Mars

PS.
I tried the SSL test at https://www.ssllabs.com/ssltest/ using http://www.diysolarforum.com. The result was for https://www.diysolarforum.com, not http://www.diysolarforum.com.
Screenshot_2019-11-04_22-45-39.png
 
If you key http://www.diysolarforum.com into a modern, up-to-date web browser in default configuration that has no history of visiting the site previously, it will automatically attempt https://www.diysolarforum.com.au. The browser is then redirected to https://www.diysolarforum.com/index.php

If a browser that has the de facto default of trying https first (regardless of what was keyed in) turned off, or an old browser that doesn't do that by default, is sent to http://www.diysolarforum.com, it will get a redirect to http://www.diysolarforum.com/index.php

A browser that has viewed the site via https will have received the HSTS information that tells the browser to only ever attempt https. This will cause the browser, even in the 2nd example, to use only https.

This configuration is fine and arguably completely correct, as a browser that wants to connect using http should be allowed to continue doing so. It allows people with older smartphones that don't have updated certificates or TLS methods enabled to still view the site.
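The three behaviours discussed in this thread (an http-to-http redirect, an http-to-https redirect, and an HSTS policy delivered over https) can be told apart mechanically. The following is an added example, not part of any poster's message and not the forum's own code: the hop records are constructed rather than captured from the site, and the names `audit_chain`, `hsts_max_age` and `header` are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed hop records (request URL, status, response headers); not captured traffic.
HTTP_TO_HTTP = [
    ("http://www.diysolarforum.com/", 301, {"Location": "/index.php"}),
    ("http://www.diysolarforum.com/index.php", 200, {}),
]
HTTP_TO_HTTPS = [
    ("http://www.diysolarforum.com/", 301,
     {"Location": "https://www.diysolarforum.com/index.php"}),
    ("https://www.diysolarforum.com/index.php", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]

def header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), None)

def hsts_max_age(headers):
    """max-age from Strict-Transport-Security, or None if absent or malformed."""
    value = header(headers, "strict-transport-security")
    for directive in (value or "").split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None

def audit_chain(chain):
    """Return a list of findings for one redirect chain."""
    findings, hsts_active = [], False
    for url, status, headers in chain:
        plaintext = urlsplit(url).scheme == "http"
        location = header(headers, "location")
        if plaintext and 300 <= status < 400 and location:
            target = urljoin(url, location)  # relative Location keeps the http scheme
            if urlsplit(target).scheme != "https":
                findings.append(f"redirect stays on plaintext: {url} -> {target}")
        if plaintext and status == 200:
            findings.append(f"content served over plaintext: {url}")
        age = hsts_max_age(headers)
        if age is not None and plaintext:
            findings.append(f"HSTS header on http response is ignored by browsers: {url}")
        elif age:  # max-age=0 clears the policy, so it does not count
            hsts_active = True
    if not hsts_active:
        findings.append("no effective HSTS policy seen on an https response")
    return findings

if __name__ == "__main__":
    for name, chain in (("http->http", HTTP_TO_HTTP), ("http->https", HTTP_TO_HTTPS)):
        print(name, audit_chain(chain) or "ok")
```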
 
The server firewall at the liberry is hyper sensitive to missing, out of date or otherwise potentially invalid credentalia and will deny access, whereas, other servers will allow access to those same sites.
 
Pages served over HTTP are vulnerable to eavesdropping, content injection, and cookie stealing, which can be used to take over your online accounts. An insecure web site is NOT a good thing.

I find it very annoying that I am trying to use only secure connections and I keep getting redirected to an insecure connection.
 
The problem is NOT the secure server at https://diysolarforum.com. The problem is both http://diysolarforum.com and http://www.diysolarforum.com redirect to an unsecure (http) server.
Note that http and https are different servers. http is on port 80 and https is on port 443.

I also noticed that when I get notifications via email, all the links point to the insecure http server instead of the https server.

Let me know if you need more help understanding the issue.

Mars

PS.
I tried the SSL test at https://www.ssllabs.com/ssltest/ using http://www.diysolarforum.com. The result was for https://www.diysolarforum.com, not http://www.diysolarforum.com.
Can you screenshot it not being secure? My browser, and both addresses above are showing up as secure. I am asking support and sending them this message. I am totally lost as to why you do not show this site as secure.
 
Now check to see if it redirects. I am checking on multiple sites and everything seems perfect. Still confused. Can you show me a screenshot of your browser showing it as not secure? Or an invalid certificate etc? Just some form of proof, Mars. Thanks
 
I was just about to post debugs of the http connection to show you but the behaviour has changed in the past few days since I last posted about it. Previously http connects to / would be redirected to http:// .... index. i.e. an http connect would always receive an http redirect to the index page.

However, just now and now that I've read your additional post, it is being redirected to https://

It's all fine in my books. http should IMO redirect to http. It's up to the end user to use https, or let their browser automatically do it for them. People that want to (or perhaps need to) use http should be allowed to.
 