hosting www.arachni-scanner.com on https:// URL

Dmitry's Avatar

Dmitry

20 Oct, 2017 10:39 AM

Hi Tasos - would it be possible to host the www.arachni-scanner.com on https:// URL? Soon Chrome will start showing "Not Secure" for http:// URLs next to the URL bar, and since there are Downloads on http://www.arachni-scanner.com/download/ I think it would give people additional assurance. Currently https://www.arachni-scanner.com shows the valid certificate with the SANs including "DNS Name: *.arachni-scanner.com" but it redirects to https://www.arachni-scanner.com/cgi-sys/defaultwebpage.cgi - maybe something needs to be configured to show the same page as http://www.arachni-scanner.com/

  1. Support Staff 1 Posted by Tasos Laskos on 02 Nov, 2017 04:44 PM

    Tasos Laskos's Avatar

    Hello,

    I guess I need to do this just to avoid the Chrome warnings, I'll talk with my hosting provider to see what needs to happen.

  2. 2 Posted by Harasho on 30 Mar, 2018 05:41 PM

    Harasho's Avatar

    Hey Tasos,

    Any update regarding this ? I love and support your work but just enabling HTTPS
    would give other potential security users the assurance that your software should be trusted.

  3. Support Staff 3 Posted by Tasos Laskos on 06 Apr, 2018 01:13 PM

    Tasos Laskos's Avatar

    I brought this up again and I'm awaiting a response from my hosting provider.
    This seems like a simple config issue somewhere, although I've no idea where.

  4. Support Staff 4 Posted by Tasos Laskos on 06 Apr, 2018 01:16 PM

    Tasos Laskos's Avatar

    Also, the software is served over HTTPS, as it's hosted on Github, and no sensitive info is transmitted between the visitors and the website.

    HTTPS would just look good, but it makes no sense technically -- unless I've overlooked something.

    The nightlies though could use a secure connection, but that's on a different host (I like to compartmentalize) and I'll look into that next.

  5. 5 Posted by Harasho on 09 Apr, 2018 02:34 PM

    Harasho's Avatar

    Thanks for the update Tasos. Yeah it should be a simple fix on their side in the config to redirect all port 80 requests to 443. And no you haven't overlooked anything but for the sake of HTTPS everything on the web, I think it's just better overall to enforce TLS.

  6. Support Staff 6 Posted by Tasos Laskos on 04 May, 2018 08:54 AM

    Tasos Laskos's Avatar

    Still waiting.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac