ZenHAX
https://zenhax.com/

HTTPS/SSL for zenhax.com (and aluigi.altervista.org)
https://zenhax.com/viewtopic.php?f=21&t=3724
Page 1 of 1

Author:  aluigi [ Tue Jan 24, 2017 8:48 pm ]
Post subject:  HTTPS/SSL for zenhax.com (and aluigi.altervista.org)

If you are logging in the forum from an untrusted connection (free wifi, or a wifi not owned/controlled by you) then you may prefer to use the secure connection to the forum:
https://zenhax.com

Both HTTP and HTTPS remain available:
  • If you are at your home: use HTTP (maybe faster) or HTTPS
  • If HTTPS gives you problems: use HTTP
  • If HTTPS doesn't work in a certain moment: temporary try HTTP
  • If you are in an Internet Cafe or other public places: use HTTPS

Author:  aluigi [ Sun Jan 29, 2017 4:03 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

I would like your opinion about:
  • leaving everything as is now, so it's up to the user to use the http or https website
  • forcing the https website
What you would prefer and suggest?

Nowadays it's common practice to force https if available making impossible for an user to use the "old" unencrypted connection, but personally I think that leaving both would be better so the forum will be ever accessible in case of problems (old web browser or port 443 unreachable or problems on the https service).

Author:  atom0s [ Sun Jan 29, 2017 7:43 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

Leaving both should be fine, let the user choose what they want to use. Perhaps make mention somewhere easily seen that the site offers https as well in case people miss it or don't see these update threads.

Author:  aluigi [ Mon Jan 30, 2017 11:08 am ]
Post subject:  Re: HTTPS/SSL for zenhax.com

Added a note in the "Site description" and set this topic as "Global"

Author:  lorak [ Thu Feb 02, 2017 5:03 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

I agree, keep both options.

Author:  coredevel [ Sun Jan 07, 2018 2:53 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

If SSL certificate expires, Firefox browser won't let you visit the website. I can't even visit that other site, xentax, right now, because they are too lazy to renew their SSL certificate. So, significant loss of web traffic if SSL certificate goes *poof*.

Author:  aluigi [ Sun Jan 07, 2018 3:38 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

That should not happen here on zenhax because certificates are automatically renewed.

Author:  aluigi [ Fri Sep 14, 2018 5:29 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

Now HTTPS is available on my website too: https://aluigi.altervista.org

HTTPS is useful only if you are going to download quickbms or other tools from untrusted connections (public wifi) and, exactly like on zenhax, both http and https are and will remain active without any "forced" https.

The only downside of enabling https is that it required to use cloudflare and consequently some parts of the website may not be 100% original, just small things like for example my email address on top of the page that is no longer visible without javascript ([email protected]).
Or maybe some files that are magically no longer available even if they are phisically on the server like http://aluigi.altervista.org/poc/chromerda.zip (mah?)

Anyway who cares, now https is there so you can use it if you need it.

https is available also on the https://aluigi.zenhax.com mirror but the certificate is the same of zenhax.com and the browser may annoy you.

Author:  atom0s [ Sat Sep 15, 2018 12:18 am ]
Post subject:  Re: HTTPS/SSL for zenhax.com (and aluigi.altervista.org)

Your file link for https://aluigi.altervista.org/poc/chromerda.zip returns a 403 (forbidden) code, so it looks to be a configuration issue on your server causing it to fail.

Author:  aluigi [ Sat Sep 15, 2018 2:59 am ]
Post subject:  Re: HTTPS/SSL for zenhax.com (and aluigi.altervista.org)

I removed and reuploaded the file and now it works correctly.
It was a mistery issue randomly found by mistake, it's perfectly possible that it gave the same error even before :)
Apparently cloudflare "hijacks" (in a non-negative sense) the html pages only.

Author:  mcpherson [ Sat Sep 15, 2018 9:58 pm ]
Post subject:  Re: HTTPS/SSL for zenhax.com

aluigi wrote:
I would like your opinion about:
  • leaving everything as is now, so it's up to the user to use the http or https website
  • forcing the https website
What you would prefer and suggest?

Nowadays it's common practice to force https if available making impossible for an user to use the "old" unencrypted connection, but personally I think that leaving both would be better so the forum will be ever accessible in case of problems (old web browser or port 443 unreachable or problems on the https service).

i agreed with both of you thanks....

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/