894
you are viewing a single comment's thread
view the rest of the comments
[-] mojo@lemm.ee 120 points 1 year ago

Nice, tried the link and they couldn't even set up https. Their target base won't even be able to type that link out lol.

[-] ccdfa@lemm.ee 48 points 1 year ago

One random thing that really annoys me is that the site http://shakespeare.mit.edu does not properly forward http requests to https although they have an https version of the site.

[-] baatliwala@lemmy.world 32 points 1 year ago

Funniest thing I've ever seen is the docs for Nginx do the same, no http to https redirection. I mean, you would hope that the maintainers for the biggest web server in the world would be able to manage that but somehow... No they don't.

[-] gatelike@feddit.de 9 points 1 year ago

server serves a protocol on a port. I would rather it not include logic like that. turn off the http port of you don't want to serve http.

[-] azertyfun@sh.itjust.works 14 points 1 year ago

HSTS + HTTPS redirect is the answer. It's industry standard for a reason: it's just as safe as pure HTTPS since you can't get anything other than a redirect over HTTP, and HSTS protects your users from future attempted MITM attacks. The MDN page for HSTS explains it all very clearly.

Any other implementation is an immediate audit fail in my experience.

There's no tangible security benefit to fully disabling port 80, and if anything depending on the service it may just drive users away to shadier alternatives.

[-] baatliwala@lemmy.world 10 points 1 year ago

that would mean anyone going to http:// will perceive as the server being down so what you are saying will not work in practice

[-] abbadon420@lemm.ee 2 points 1 year ago

Apache tomcat had a stupid security issue. I recently did a HackTheBox about it. Here's a write-up of the box https://medium.com/ctf-writeups/hack-the-box-jerry-write-up-6f045601315f

[-] Sneptaur@pawb.social 13 points 1 year ago

Why does reading Shakespeare need to be over SSL?

[-] the_third@feddit.de 17 points 1 year ago

At least because search engines rank TLS enabled sites higher these days. And also, wrapping everything in TLS creates more noise against surveillance and makes surveillance more expensive.

[-] Sneptaur@pawb.social 3 points 1 year ago

So if this site has both HTTPS and HTTP versions, and it’s just Shakespeare, does it matter that much? I figure not which is why it’s not auto redirecting

[-] Takios@feddit.de 14 points 1 year ago

SSL (or TLS nowadays) not only protects against surveillance but also guarantees the integrity of the data you send and receive. Without it, someone could spoof the response you receive. In practice this means injecting ads or malware or even worse: fake shakespeare!

[-] FlyingSquid@lemmy.world 8 points 1 year ago

According to some, all Shakespeare is fake Shakespeare.

[-] intensely_human@lemm.ee 9 points 1 year ago

Pay no attention to the man in the middle

[-] Sneptaur@pawb.social 3 points 1 year ago

Thanks for the explanation!

[-] SocialMediaRefugee@lemmy.world 2 points 1 year ago

It is brutal how few people know how to implement it and how apps all seem to have their own ways of doing it. I have to keep notes for the quirks of every damn app/OS I work with that uses SSL/TLS.

[-] intensely_human@lemm.ee 11 points 1 year ago

Why man they doth share packets in the clear

[-] mojo@lemm.ee 8 points 1 year ago* (last edited 1 year ago)

If you are using Firefox, enable https everywhere setting and it fixes stuff like that

It will only give an error if there's no https version that exists

[-] AMDIsOurLord@lemmy.ml 5 points 1 year ago

Firefox has a built in setting that does the same. No need for the extension

[-] kamenlady@lemmy.world 3 points 1 year ago

They said to use the setting, nothing about extensions though.

[-] SocialMediaRefugee@lemmy.world 0 points 1 year ago

Don't you just need to toss an ".htaccess" file in the root?

[-] timewarp@lemmy.world -1 points 1 year ago

No, an .htaccess file is specific to Apache HTTP Server... although some other web servers have integrated the format. However, most browsers now automatically redirect when an HTTPS version exists.

[-] Yuper@lemmy.world 14 points 1 year ago
[-] mojo@lemm.ee 6 points 1 year ago

Yeah, it made me laugh out loud.

this post was submitted on 27 Nov 2023
894 points (94.7% liked)

Mildly Infuriating

35459 readers
599 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago
MODERATORS