HTTP SITE DOES NOT REDIRECT

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

HTTP SITE DOES NOT REDIRECT

Kihaguru Gathura-2
Hi,


https://www.htbridge.com SSL test reports as follows:

------------------------------------------------------------------------------------------------------------
HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS
version. We advise to enable redirection.
Misconfiguration or weakness
------------------------------------------------------------------------------------------------------------

Web server configuration as follows:

------------------------------------------------------------------------------------------------------------
        # $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

        server "xyz.com" {
                listen on * port 80
                location "/.well-known/acme-challenge/*" {
                        root "/acme"
                        request strip 2
                }
                location * {
                        block return 302 "https://xyz.com$REQUEST_URI"
                }
        }

        server "xyz.com" {
                listen on * tls port 443
                hsts
                tls {
                        certificate "/etc/ssl/xyz.com.fullchain.pem"
                        key "/etc/ssl/private/xyz.com.key"
                }
                location "/.well-known/acme-challenge/*" {
                        root "/acme"
                        request strip 2
                }
                location "/xyz.com/*" {
                        root "/"
                        fastcgi
                }
        }
------------------------------------------------------------------------------------------------------------

is this error justifiable considering the above configuration?

Thanks,

Kihaguru.

Reply | Threaded
Open this post in threaded view
|

Re: HTTP SITE DOES NOT REDIRECT

Oliver Leaver-Smith


> On 6 Mar 2019, at 06:48, Kihaguru Gathura <[hidden email]> wrote:
>
> is this error justifiable considering the above configuration?

If you curl the http site yourself do you get a 302 to https? If yes, then it’s their problem.