I have one wordpress website, in that am getting lot of errors day by day. So I like to change my normal HTTP to HTTPS. So please can you explain it is very useful and secure for my website.
If your website does not have https in the web link this means that you do not have installed SSL. Most of the modern web browsers treat any website without SSL installed as insecure. This may be one of the reasons for your website's issues.
I found the following answers to the question of the difference between HTTP and HTTPS.
Difference between HTTP and HTTPS
To know about the reasons for using SSL follow the link given below:
Reasons for using SSL
10,000ft view...
http is an unencrypted protocol for sending and retrieving data from servers in a web browser (among other uses). https is the same protocol but wrapper in SSL, a security tool that encrypts communications between the browser and server. This is what what banks and other websites use to ensure your data (like financial info) is protected when sent to your browser and cannot be read by someone on the same network.
Checkout articles like this and google the topic for more info.
Hope this helps.
Related
I work in an organisation where a TMG server with port forwarding has been used successfully for a number of years to forward all http traffic to https for a particular web application. This meant that http or https would work on URLs for that web application.
Recently this was seen as a security risk and http is no longer being advertised. For users this has caused an issue where all the links they had which were originally http no longer work and they are having to update all their links to https.
I can't quite figure out what the vulnerability is, and if someone could shed some knowledge I would really appreciate it.
How I understand it, there are 2 paths http and https. The TMG server essentially acts as the gatekeeper that sits in front of the organisations network and forces all http traffic down the https route instead, so at no point is there any http traffic into the network.
Thanks in advance.
I used the security stack exchange site as suggested by Guy Incognito which provided great explanations. https://security.stackexchange.com
See my post here:
https://security.stackexchange.com/questions/234742/is-http-to-https-port-forwarding-a-vulnerability/234751#234751
I have a wordpress website using free hosting of Open Shift. When I search goole for my website name. I received a result that contain https ssl. But when I click this links google chrome will go to:
Attackers might be trying to steal your information from phamquan.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is phamquan.com; its security certificate is from *.rhcloud.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Because my website doesn't have ssl cerification. How can i disallow google index all links of my website as https. Only allow http links.
The only way to prevent Google from indexing the HTTPS version of the site is to stop listening to HTTPS. The main problem here is that your webserver is currently listening to HTTPS requests, although your website is not configured to deliver a valid certificate.
If you can't access the server configuration, another approach described here and here is to use the canonical link tag to link to the HTTP version of the site as a hint that the correct version is the HTTP and not the HTTPS.
Is there any possibility to send HTTP headers on an ftp:// URL? How would I go about it?
What I want is HTTP based crawlers to see an HTML Response (in the headers) while human users see the pure FTP Content.
What would be the smartest way of solving this problem? I thought about user agent specific redirection, however this seems to be against most search engine's guidelines.
What I want is for bots to index an HTTP version of the content, while normal users can get access to the FTP version, all while using a single ftp:// URL.
Is this doable?
It's NOT doable.
You cannot redirect ftp:// URL to http:// URL. The FTP protocol has no redirects. FTP protocol does not even know what URL is. Nor does a web browser (acting as an FTP client) send "user agent" or anything similar to the FTP server.
There are also no headers in FTP protocol (but that's just a technicality, comparing to the fact above).
FTP protocol is completely different to HTTP.
You are obviously confused by the web browsers (all of them) presenting an FTP resource the same way as an HTTP resource. But it's just a "game" by the browsers. They are nowhere near similar.
Note that FTP was invented eons before Internet, HTTP, web and URLs.
Though note that you may be able to do it the other way around. You should be able to redirect HTTP to FTP.
But I still do not think it's a good idea. If the clients need FTP, they probably want to use a real FTP client, not a web browser. And a real FTP client won't understand HTTP (redirects).
But this question is kind of meaningless, now that all major web browsers are gradually removing a support for FTP anyway.
Evening all,
I am having some difficulty with displaying my FTP connection content on a page with HTTPS encryption. It works on standard HTTP but not HTTPS. I am running Apache web server. I'm not fussed about the user being able to see the FTP details just want to secure the connection between both ends though.
Would FTPS on HTTPS work?
Regards
ftp:// does work on https websites, although by default its blocked by the "Mixed Content Blocking"
In firefox you can disable this protection by doing what the picture describes:
For IE:
ftp:// does not work because of mixed content (e.g. secure https and non-secure ftp).
ftps:// will not work because most browsers do not support it and maybe your ftp server doesn't even speak ftps.
And, how about just testing it before asking, it is not that hard to replace that ftp:// with ftps:// in your page, isn't it?
I am quite new to HTTPS and can not get my head around it.
Can someone suggest good starting point for learning about HTTPS, certificates and signing?
Possibly with a working example in ASP.NET with IIS.
If all you are trying to do is have your site in HTTPS there is no code needed. All you need to do is set IIS to serve pages with HTTPS.
If that is all you want, you are better off asking this question in http://www.serverfault.com.
To get you started, here's a link on how to set https in iis 7: http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-70/
HTTPS is just normal HTTP traffic that is encrypted using SSL/TLS. The protocol is fairly straightforward. I wrote a detailed blow-by-blow of what happens at the start of a connection on my blog: The First First Few Milliseconds of an HTTPS Connection.
It's unfortunate that the APIs built on top of the protocol are often much more complicated.