2021-04-15 21:12 に Celejar さんは書きました:
On Thu, 15 Apr 2021 11:16:59 +0100
piorunz <pior...@gmx.com> wrote:
On 15/04/2021 03:15, Celejar wrote:
>> It certainly works fine for me. I use https only mode for many months
>> now. Can you bring an example of a page which returns good page on http,
>> but 404 error on https?
>
> http://www.daat.ac.il/
> https://www.daat.ac.il/
>
> Celejar
Their webserver is misconfigured. AFAIR, if they don't support https,
their server should redirect to http page. Instead, they throw 404
error.
Do you have a reference for this as required by the standards?
Your web browser behaviour is as intended, everything is fine.
If webadmins of that page don't know their sh*t, are you sure you want
to use that website? Who knows what else they forgot to implement.
No, everything is not fine. The website in question is a very valuable
one - it contains a wealth of important academic articles that are
valuable to my work. The techie attitude that the value of a resource
is somehow correlated to the technical competence of its implementation
is unfortunate and misguided.
I might indeed be reluctant to trust such a site with sensitive
personal information, but to suggest that we should shun websites just
because their administrators should be doing a better job is illogical.
Disclaimer: I never worked in IT, all self taught, but I have webpage
which I put up myself on Debian computer, with https cert (it's free),
TLS 2.0/3.0 only, PFS, HSTS preload with long duration, OCSP stapling,
top spec security. These guys? They can't even redirect to their http
page.
Celejar
Hi,
The site address you provided support https:
<CN = Sectigo RSA Domain Validation Secure Server CA
O = Sectigo Limited
L = Salford
ST = Greater Manchester
C = GB>
So, indeed, some misconfiguration it seems.
Maybe they simply forget to redirect http to https.
<Redirect / https://>
Though I agree no need to shun them.
HTH
