I have a client with a bunch of one-page websites that is hosting with Godaddy. Of course they don't offer Let's Encrypt SSLs and we don't want to have to renew SSL certificates every 3 months. They noticed that if they go to the HTTPS version of the site it says it is insecure (since it doesn't have an SSL certificate). They have asked me if I can force these to redirect to HTTP. I have found .htaccess rules but they don't work because modern browsers check for certs before hitting .htaccess.
Is there a way to make them redirect? We are using Wordpress for all of them.
Related
we have activated HTTP Strict Transport Security in production. It works well. But now, when wanting to use a subdomain to develop, the website is automatically redirected to https:
https://dev.tokeeen.com/app_dev.php/my-habits
Event if the host is set to 127.0.0.1
127.0.0.1 dev.tokeeen.com
Is there something to avoid this behavior? Of course I don't want to force the host for the main domain.
You are currently setting this on your main site:
Strict-Transport-Security max-age=63072000; includeSubDomain
If you change this to remove the includeSubDomain bit then it will only apply to your top level domain and not the dev sub domain:
Strict-Transport-Security max-age=63072000;
You then need to visit your production site to load this header and overwrite the existing one in your browser’s cache.
However this is less secure (for example someone could set up www.tokeeen.com and pretend to be your site with a bit of DNS manipulation for example).
But to be honest you should just use https on you’re dev site. The Internet is moving towards HTTPS and many new features do not work under plain HTTP. Additionally what you are developing is not similar to your production site so if you include http:// links instead of https:// for example you’ll suddenly see this failing when you release to production.
You look to use LetsEncrypt on your site so the cert is free. Do yourself a favour and just get another free one for your dev subdomain.
You have to get yourself a wildcard certificate as the ssl certificate is only for that domain. That's the whole point of having a secure site.
I'm not sure what server system you are using but in case you don't want to use wildcards and are ok with less secure, you can bind the other domains to
port 80 with the binding type http`
I have a WordPress website on IIS. I have a SSL Certificate setup for the site and that is working fine when I navigate to the site via https.
The problem is, I can still navigate to the site via regular http and of course I don't get the security of the SSL certificate.
How can I divert all traffic to the site that comes through http to the https?
Is this done via the web.config? I've tried all sorts, but nothing worked for me.
I have a wordpress website using free hosting of Open Shift. When I search goole for my website name. I received a result that contain https ssl. But when I click this links google chrome will go to:
Attackers might be trying to steal your information from phamquan.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is phamquan.com; its security certificate is from *.rhcloud.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Because my website doesn't have ssl cerification. How can i disallow google index all links of my website as https. Only allow http links.
The only way to prevent Google from indexing the HTTPS version of the site is to stop listening to HTTPS. The main problem here is that your webserver is currently listening to HTTPS requests, although your website is not configured to deliver a valid certificate.
If you can't access the server configuration, another approach described here and here is to use the canonical link tag to link to the HTTP version of the site as a hint that the correct version is the HTTP and not the HTTPS.
Evening all,
I am having some difficulty with displaying my FTP connection content on a page with HTTPS encryption. It works on standard HTTP but not HTTPS. I am running Apache web server. I'm not fussed about the user being able to see the FTP details just want to secure the connection between both ends though.
Would FTPS on HTTPS work?
Regards
ftp:// does work on https websites, although by default its blocked by the "Mixed Content Blocking"
In firefox you can disable this protection by doing what the picture describes:
For IE:
ftp:// does not work because of mixed content (e.g. secure https and non-secure ftp).
ftps:// will not work because most browsers do not support it and maybe your ftp server doesn't even speak ftps.
And, how about just testing it before asking, it is not that hard to replace that ftp:// with ftps:// in your page, isn't it?
I want to disable https and want to access a site by http (for experimental purposes).I am using firefox on ubuntu 12.4. I tried by disabling SSL in browser.But then i am not able to access sites with https.
How can i do this?
Some sites, require using https (SSL) for accessing them. The site you try to access would probably redirect you to https (SSL), even if you decide to use http. In that case, you cannot disable the SSL use from your browser, because it is a demand from your target site.
Hope I helped...