Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [https]

HTTPS stands for HTTP Secure and is a combination of HTTP and SSL/TLS (Secure Sockets Layer/Transport Layer Security) and is used to provide an encrypted connection to a website.

HTTPS connections are often used for payment transactions and for sensitive transactions in corporate systems. They are increasingly being used for social networking sites like Facebook and Twitter to help prevent identity theft etc.

HTTPS on Wikipedia

2524 questions
11
votes
2 answers

How to serve different robots.txt for http and https on same site?

I got a small site which served by Apache (I can't put Nginx in front nor change Apache to anything), and it is set up to serve the same site both over http and https (no redirects http->https is there so far, so both http and https versions are…
Kevin M
  • 299
  • 3
  • 10
11
votes
3 answers

Block direct access to webserver IP via HTTPS

Similar to this and this question I want to block users from using the IP to access my server. For HTTP (port 80) this works fine, but not for HTTPS. So users can still enter https:// to access the webserver and nginx returns the default…
rugk
  • 506
  • 2
  • 6
  • 18
11
votes
3 answers

Does SNI represent a privacy concern for my website visitors?

Firstly, I'm sorry for my bad English. I'm still learning it. Here it goes: When I host a single website per IP address, I can use "pure" SSL (without SNI), and the key exchange occurs before the user even tells me the hostname and path that he…
pagliuca
  • 243
  • 2
  • 10
11
votes
3 answers

Assigning Multiple IP Addresses to localhost OS X 10.6

I'm attempting to host multiple website locally with HTTPS enabled, but in order to do this I'd need to configure my local machine to use multiple IP address for localhost (I believe). Is there any way to have multiple IP addresses resolving…
user1086746
  • 463
  • 1
  • 4
  • 7
11
votes
4 answers

Need help trouble shooting Https webserver error - SSL Handshake failed

I followed this guide: http://hints.macworld.com/article.php?story=20041129143420344 Here is my virtual host definition SSLEngine on SSLProxyEngine On RequestHeader set Front-End-Https "On" CacheDisable * …
NullVoxPopuli
  • 305
  • 1
  • 4
  • 13
11
votes
2 answers

Does https include protection from a replay attack?

Is it possible to perform a replay attack on a request transfered via https? Meaning, does the https protocol enforce a mechanism similar to digest access authentication where a nonce is introduced into the request to prevent replay.
oneself
  • 397
  • 1
  • 5
  • 15
10
votes
1 answer

Trying to get 100% in ssllabs.com key exchange

I wanted to know what steps are needed to get 100% on every category in ssllabs.com. I am aware that this could lead to problems in older systems, but I dont care. My letsencrypt.org certificate uses 4096 bits. This is the best score I could get…
feedc0de
  • 269
  • 1
  • 2
  • 9
10
votes
3 answers

After enabling HTTPS on my Apache2 server - I get 404 errors on every request

Okay, so I've had no experience with SSL/HTTPS ever before, I've only ever dealt with standard HTTP. Recently I've started work on a site which will need SSL. So of course, I've gone out and researched how to and got started. I've got to the stage…
Michael Longhurst
  • 301
  • 2
  • 10
10
votes
3 answers

Is it safe to serve HTTP/HTTPS over ports 8080/8443

Due to an infrastructure limitation, one of the proposed solutions for serving an HTTP service to the world is to offer it over ports 8080 and 8443. My concern is that some users may not be able to access these services because they are not running…
spender
  • 368
  • 1
  • 3
  • 13
10
votes
2 answers

HTTPS redirect from a naked domain (example.com) to a full domain 'www.example.com' without an error?

I'm trying to Redirect non-www requests to www on Amazon Route 53. I made an S3 bucket with the name of the naked domain and configure the bucket properties to redirect from example.com to www.example.com, and then in Route 53 create an alias for…
Eki Eqbal
  • 211
  • 1
  • 2
  • 6
10
votes
2 answers

HTTPS warning: works on desktop, warning on mobile

I installed a wildcard SSL certificate (*.vht.com) for my work and accessing the following website in chrome (or any desktop browser) https://tours.vht.com/fsviewer3/fss2.html works, but when trying to access using iOS or android(chrome) you will…
vhtuser3
  • 103
  • 5
10
votes
1 answer

HTTPS overhead compared to HTTP

HTTPS is the encrypted version of HTTP, and nowadays it is becoming a common practice to encrypt all the web traffic, not only sensitive one. The drawback of HTTPS, apart from the need to buy expensive certificates and being dependent of a third…
Wizard79
  • 203
  • 1
  • 2
  • 8
10
votes
2 answers

Configure Squid as an HTTPS forward proxy?

Here's some background about my problem: I have a web service running on Heroku, with a dynamic IP address. Static IPs on Heroku are not an option. I need to connect to an external web service which is behind a firewall. The people who operate the…
David
  • 163
  • 1
  • 2
  • 5
10
votes
2 answers

How to handle encrypted and unencrypted http connections through a single port

Please, take a look at the following diagram. How should this work? When a remote requests http:// myhost.com:8080/* , the request should be forwarded to the http server that listens on port 8008 of the loopback interface. This is the easy…
alemartini
  • 1,043
  • 1
  • 6
  • 14
10
votes
3 answers

How to redirect from HTTPS to HTTP before server error?

I used to operate a website with an SSL certificate, but have stopped using the SSL certificate. The problem is that most of the external links to the website use the https:// prefix. I have tried the https:// to http:// redirect in the .htaccess…
user981178
  • 445
  • 1
  • 3
  • 13
1 2 3
99 100