[Ach] lighttpd

Tobias Dussa (SCC) tobias.dussa at kit.edu
Wed Nov 13 11:06:51 CET 2013


Hi,

On Tue, Nov 12, 2013 at 10:22:43PM +0100, David Durvaux wrote:
> I roughly have the same config + redirection of http queries to https.

We are usually NOT deploying a plain redirect to from HTTP to HTTPS because we
want users to become aware that they should be using HTTPS directly.  What we do
is we display a stub web page asking users to use HTTPS and redirecting them
after 30 seconds or so.  I'd prefer to recommend that instead of a transparent
redirect.  Any thoughts/arguments pro/con?

Cheers,
Toby.
-- 
Who is General Failure?  And why is he reading my disk?

----

Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)
KIT-CERT

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association



More information about the Ach mailing list