One random thing that really annoys me is that the site http://shakespeare.mit.edu does not properly forward http requests to https although they have an https version of the site.
SSL (or TLS nowadays) not only protects against surveillance but also guarantees the integrity of the data you send and receive. Without it, someone could spoof the response you receive. In practice this means injecting ads or malware or even worse: fake shakespeare!
No, an .htaccess file is specific to Apache HTTP Server… although some other web servers have integrated the format. However, most browsers now automatically redirect when an HTTPS version exists.
Funniest thing I’ve ever seen is the docs for Nginx do the same, no http to https redirection. I mean, you would hope that the maintainers for the biggest web server in the world would be able to manage that but somehow… No they don’t.
One random thing that really annoys me is that the site http://shakespeare.mit.edu does not properly forward http requests to https although they have an https version of the site.
Why does reading Shakespeare need to be over SSL?
SSL (or TLS nowadays) not only protects against surveillance but also guarantees the integrity of the data you send and receive. Without it, someone could spoof the response you receive. In practice this means injecting ads or malware or even worse: fake shakespeare!
Don’t you just need to toss an “.htaccess” file in the root?
No, an .htaccess file is specific to Apache HTTP Server… although some other web servers have integrated the format. However, most browsers now automatically redirect when an HTTPS version exists.
Funniest thing I’ve ever seen is the docs for Nginx do the same, no http to https redirection. I mean, you would hope that the maintainers for the biggest web server in the world would be able to manage that but somehow… No they don’t.
server serves a protocol on a port. I would rather it not include logic like that. turn off the http port of you don’t want to serve http.