hosting www.arachni-scanner.com on https:// URL
Hi Tasos - would it be possible to host the www.arachni-scanner.com on https:// URL? Soon Chrome will start showing "Not Secure" for http:// URLs next to the URL bar, and since there are Downloads on http://www.arachni-scanner.com/download/ I think it would give people additional assurance. Currently https://www.arachni-scanner.com shows the valid certificate with the SANs including "DNS Name: *.arachni-scanner.com" but it redirects to https://www.arachni-scanner.com/cgi-sys/defaultwebpage.cgi - maybe something needs to be configured to show the same page as http://www.arachni-scanner.com/
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 02 Nov, 2017 04:44 PM
Hello,
I guess I need to do this just to avoid the Chrome warnings, I'll talk with my hosting provider to see what needs to happen.
2 Posted by Harasho on 30 Mar, 2018 05:41 PM
Hey Tasos,
Any update regarding this ? I love and support your work but just enabling HTTPS
would give other potential security users the assurance that your software should be trusted.
Support Staff 3 Posted by Tasos Laskos on 06 Apr, 2018 01:13 PM
I brought this up again and I'm awaiting a response from my hosting provider.
This seems like a simple config issue somewhere, although I've no idea where.
Support Staff 4 Posted by Tasos Laskos on 06 Apr, 2018 01:16 PM
Also, the software is served over HTTPS, as it's hosted on Github, and no sensitive info is transmitted between the visitors and the website.
HTTPS would just look good, but it makes no sense technically -- unless I've overlooked something.
The nightlies though could use a secure connection, but that's on a different host (I like to compartmentalize) and I'll look into that next.
5 Posted by Harasho on 09 Apr, 2018 02:34 PM
Thanks for the update Tasos. Yeah it should be a simple fix on their side in the config to redirect all port 80 requests to 443. And no you haven't overlooked anything but for the sake of HTTPS everything on the web, I think it's just better overall to enforce TLS.
Support Staff 6 Posted by Tasos Laskos on 04 May, 2018 08:54 AM
Still waiting.