f



Apache 2.2: Reject https for http-only sites on server w/ 1 https site?

Hi,

I have a handful of sites (name virtual hosts) being served on the same 
physical server (and IP address), using Apache 2.2.15. One of the sites also 
has an https version (in fact, the http version of that site redirects 
straight to the https version), but the other sites are http-only.

Unfortunately, if somebody inadvertently attempts to access any of the other
http-only sites using https, then the server will attempt to serve the 
corresponding URI on the (sole) https site instead (and causing web browsers 
to disable a security certificate warning page, for obvious reasons).

I have a feeling that I may be rather stuck in the catch-22 situation that the
server does not know which https site has actually been requested until it has 
started to negotiate the secure connection, and therefore is returning the
certificate (and content) for the default https site regardless?

Is there any way that I can prevent https content from being (attempted to be)
served for the non-https sites?

Would Server Name Indication (SNI) (and 'empty' https sites for the http-only 
sites, or something in the config for these virtual hosts to 'unlisten' on the
https port?)) help at all? Our Apache supports SNI, but there is still the 
risk that a reasonable proportion of client browsers and OSes may not, 
unfortunately.

Would I be able to set up SNI so that the single required https site can still
be served properly to non-SNI-aware clients? It's essential that the https
site works for as wide a range of users as possible (yes, another grumble at
old versions of IE and Windows..).

The webserver also serves another http *and* https site, but these are on a 
different IP address, so I assume that is not particularly relevant to this 
current problem.

Thanks for any advice,


David.

0
David
4/17/2013 3:50:26 PM
comp.infosystems.servers.unix 3274 articles. 0 followers. Post Follow

3 Replies
978 Views

Similar Articles

[PageSpeed] 46

In comp.infosystems.www.servers.unix,
David  <david@55952163-3189045.bogus.domain.invalid> wrote:
> I have a feeling that I may be rather stuck in the catch-22 situation that
> the server does not know which https site has actually been requested until
> it has started to negotiate the secure connection, and therefore is
> returning the certificate (and content) for the default https site
> regardless?

Exactly. Whenever possible, use separate IP addresses for each HTTPS site
to avoid this possibility.

> Is there any way that I can prevent https content from being (attempted to
> be) served for the non-https sites?

No.

> Would Server Name Indication (SNI) (and 'empty' https sites for the
> http-only sites, or something in the config for these virtual hosts to
> 'unlisten' on the https port?)) help at all? Our Apache supports SNI, but
> there is still the risk that a reasonable proportion of client browsers and
> OSes may not, unfortunately.

SNI would help, probably help a lot, but it won't be perfect. I'd guess more
than 50% of the time, but less than 95%, of clients would benefit.

Elijah
------
has, so far, been able to use separate IP addresses for all his https needs
0
Eli
4/17/2013 7:46:45 PM
David <david@55952163-3189045.bogus.domain.invalid> writes:
> Would I be able to set up SNI so that the single required https site
> can still be served properly to non-SNI-aware clients? 

I think this should work, but I haven't tried it.

> Thanks for any advice,

If it's that important to you to support old browsers and OS's, you can
probably afford another IP address for the purpose.

You can also get multi-domain certificates though it's possible that
really ancient browsers have problems with those.
0
Paul
4/18/2013 2:49:00 AM
On 2013-04-17, Eli the Bearded <*@eli.users.panix.com> wrote:
> In comp.infosystems.www.servers.unix,
> David  <david@55952163-3189045.bogus.domain.invalid> wrote:
>> I have a feeling that I may be rather stuck in the catch-22 situation that
>> the server does not know which https site has actually been requested until
>> it has started to negotiate the secure connection, and therefore is
>> returning the certificate (and content) for the default https site
>> regardless?
>
> Exactly. Whenever possible, use separate IP addresses for each HTTPS site
> to avoid this possibility.
>
>> Is there any way that I can prevent https content from being (attempted to
>> be) served for the non-https sites?
>
> No.

Sorry for the belated reply:

Thanks, that's what I'd feared..

OK, we'll need to dig up a spare IP address for the https site, I guess.


[...]
> SNI would help, probably help a lot, but it won't be perfect. I'd guess more
> than 50% of the time, but less than 95%, of clients would benefit.

I'll hold off on SNI until Windows XP has gone away, or usage has at least 
dropped to negligible levels..


Thanks,

David.

0
David
5/8/2013 2:07:04 PM
Reply:

Similar Artilces:

Oracle server 9.2.0.1.0, Client 9.2.0.4.0, Red Hat Linux enterprise advanced server 2.1
Hi Everybody, My Database server is running on Red Hat Linux enterprise advanced server 2.1, And my Oracle version is 9.2.0.1.0. My Client mechine also Red Hat Linux enterprise advanced server 2.1 , Oracle client version is 9.2.0.4.0. I am running a web application. Our application is in Magic edeveloper. I connect to Oracle using oracle gateway to my application. My Problem is my application is is becoming slow. I am not able to trace where the problem is. Before our application was running fine. recently i upgraded Oracle client version to 9.2.0.4.0. My Oracle client & server versi...

Apache HTTP Server 2.2 on Windows XP
I have an always on DSL connection with Windows XP Pro. I have installed Apache HTTP Server 2.2. After registering at www.dyndns.com to get my own web site name I have all that linked together. I have apache setup to go off of the dyndns.org and with my full server name set up through there as well. When I type iit in on my computer it works fine (of course). When I try it in IE on another computer in my house that uses the DSL, it works. Anywhere outside of my house can't see it. I have the config file set to listen to fe#######.dyndns.org:80. After running a port scan it says it didn't see anything running on port 80. I have windows firewall accepting port 80. I also turned on port forwarding through my router. Is there anything here that it looks like I am missing? Desperate in Buffalo Fetter wrote: > I have an always on DSL connection with Windows XP Pro. I have > installed Apache HTTP Server 2.2. After registering at www.dyndns.com > to get my own web site name I have all that linked together. I have > apache setup to go off of the dyndns.org and with my full server name > set up through there as well. When I type iit in on my computer it > works fine (of course). When I try it in IE on another computer in my > house that uses the DSL, it works. Anywhere outside of my house can't > see it. I have the config file set to listen to > fe#######.dyndns.org:80. After running a port scan it says it didn't > ...

Apache HTTP Server 2.2 on Windows XP
I have an always on DSL connection with Windows XP Pro. I have installed Apache HTTP Server 2.2. After registering at www.dyndns.com to get my own web site name I have all that linked together. I have apache setup to go off of the dyndns.org and with my full server name set up through there as well. When I type iit in on my computer it works fine (of course). When I try it in IE on another computer in my house that uses the DSL, it works. Anywhere outside of my house can't see it. I have the config file set to listen to fe#######.dyndns.org:80. After running a port scan it says it ...

HPSBUX02401 SSRT090005 rev.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01650939 Version: 1 HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-02-02 Last Updated: 2009-02-12 Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request fo...

Apache 1.3.12
I'm using IBM's http server v1.3.12.2 running on solaris 7 (I know everything is old but there are lots of reasons... excuses... why ;-) Yesterday the Root Certificate Expiration issue seems to have hit me. I ran IBM's ikeyman utility and updated the root certificate. But yesterday SSL traffic started failing. The ssl-access_error log shows: [Thu Jan 8 13:18:25 2004] [error] mod_ibm_ssl: SSL Handshake Failed, Invalid date. So I'm trying to figure out where else I need to update the certs. I'll be posting this in the IBM area as well. any help would be ...

Installing Apache HTTP Server 2.2.22 on my Windows7 Machine.
I am having trouble loading Apache HTTP Server on my Windows7 computer. I want to change the location of htdocs to a folder in another file structure (c:/users/peter/documents/htdocs) for ease of access to my files and then I want to run the php5apache2_2.dll file handler. The Appropriate lines from my HTTPD.Conf file to set the htdocs document root are below. They don't appear in this direct sequence in my conf file. #DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/ Apache2.2/htdocs" DocumentRoot "C:/Users/Peter/Documents/htdocs" .......

RE: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) #2
-----Original Message----- From: Dave Froble [mailto:davef@tsoft-inc.com]=20 Sent: Thursday, August 17, 2006 12:23 AM To: Info-VAX@Mvb.Saic.Com Subject: Re: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) Stanley F. Quayle wrote: > On 16 Aug 2006 at 14:42, Barry.Treahy@EmersonNetworkPower.com wrote: >> You might find the costs to migrate everything from the 4000/100 models >> to replacement CHARON 4000/108 emulated systems cost effect >=20 > Another CHARON-VAX possibility [Shameless Plug Alert (tm)] is to=20 ...

2 NICs, 1 server #2
Hi, I have a situation where I have one NIC connected to a switch on a server, and two internet connections on the switch, before I continue, I don't need channel bonding and I don't need load balencing because that's not what I need nor want. Here's my physical configuration (Best viewed in monospace font): <CONNECTION 1>---[ISP 1] | [NAT] | <SERVER>-------[SWITCH] (note: Both NAT routers are on the same subnet) | [NAT] | <CONNECTION 2>---[ISP 2] The server is only able to route out one connection or the other at the moment. Basically what I want is for the server to be able to route out the connection it came in on. I wish for this to have the least impacting solution on the system possible. Thank you, -- --Krad Xeron Hello, Kradorex Xeron a �crit : > > Here's my physical configuration (Best viewed in monospace font): > > <CONNECTION 1>---[ISP 1] > | > [NAT] > | > <SERVER>-------[SWITCH] (note: Both NAT routers are on the same subnet) > | > [NAT] > | > <CONNECTION 2>---[ISP 2] > > The server is only able to route out one connection or the other at the > moment. Basically what I want is for the server to be able...

OS/2 Lan Server V3.0 for sale with OS/2 2.1
http://cm.ebay.com/cm/ck/1065-29296-2357-0?uid=4289490&site=0&ver=LCA080805&item=120067699646&lk=URL ...

LaTex equation numbering like 2.1, 2.2, also 2.0.1, 2.0,2, 2.1.1, etc
David Roach wrote: > Is there a simple command to have latex number > the equations by the section numbers automatically. > > David From the LaTeX Companion (what a wonderful book!) %%%%%%%%%%%%%%%%%%%%%% % number equations within sections % In preamble \makeatletter \@addtoreset{equation}{section} \makeatother \renewcommand{\theequation}{\thesection.\arabic{equation}} %%%%%%%%%%%%%%%%%%%%%% Numbers within sections...I use this all the time in articles. Even works with ******************* ******************* Brilliant. And then I got numbering within subsections by repeating and editing (not replacing), so I now have:- (Just after the documentClass command) \makeatletter \@addtoreset{equation}{section} \makeatother \renewcommand{\theequation}{\thesection.\arabic{equation}} \makeatletter \@addtoreset{equation}{subsection} \makeatother \renewcommand{\theequation}{\thesubsection.\arabic{equation}} Bob Bob Marlow schrieb: > David Roach wrote: > >> Is there a simple command to have latex number >> the equations by the section numbers automatically. >> >> David > > From the LaTeX Companion (what a wonderful book!) > > %%%%%%%%%%%%%%%%%%%%%% > > % number equations within sections > % In preamble > > \makeatletter > \@addtoreset{equation}{section} > \makeatother > \renewcommand{\theequation}{\thesection.\arabic{equation}} > > %%%%%%%%%%%%%%%%%%%%%% [more code] > Hi! I th...

[ANN] MyARM releases mod_arm4 1.0 for Apache HTTP Server 2.x
Gelnhausen, Germany - June 19 2006 MyARM releases mod_arm4 version 1.0 an Apache HTTP Server module. The source is now available at http://www.myarm.de/ and pre-compiled versions are included in any MyARM distribution archive. mod_arm4 version 1.0 ==================== mod_arm4 is an Apache HTTP Server 2.x module for instrumenting the server with the Application Response Measurement (ARM) standard. With this module it is possible to measure each HTTP request made to an Apache HTTP Server using ARM. This module only interfaces to the ARM 4.0 C interface and therefore you need a...

[ANN] MyARM releases mod_arm4 1.0 for Apache HTTP Server 2.x
Gelnhausen, Germany - June 19 2006 MyARM releases mod_arm4 version 1.0 an Apache HTTP Server module. The source is now available at http://www.myarm.de/ and pre-compiled versions are included in any MyARM distribution archive. mod_arm4 version 1.0 ==================== mod_arm4 is an Apache HTTP Server 2.x module for instrumenting the server with the Application Response Measurement (ARM) standard. With this module it is possible to measure each HTTP request made to an Apache HTTP Server using ARM. This module only interfaces to the ARM 4.0 C interface and therefore you need a real ARM 4.0 compliant agent (e.g. MyARM) to really measure HTTP requests. Features ======== The mod_arm4 module found at the Apache web-site works but is not really customisable and also not implemented for a production server. We at MyARM improved the module regarding performance, better ARM instrumentation and added various configuration directives to selectively measure HTTP requests. The following lists the main features of the mod_arm4 module: * Load the ARM library dynamically * Measurement of requests only if a correlator was passed by a client. * Explicitly allow or deny measurement of requests by URI patterns. * Support of ARM context properties (Various HTTP Request information). * Support of ARM metrics (BytesSent, HTTP Status). Contact ======= MyARM GbR Neue Str. 4 63571 Gelnhausen-Roth Germany email: mod_arm4{at}myarm.de Links ===== Apache HTTP Server web si...

Conn4x & USB rev 2.2.2348
It's available at: http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?pnameOID=351776&locale=en_US&taskId=135&prodSeriesId=33568&prodTypeId=215348&swEnvOID=20 That's HP's "business support center" site. The "HP Customer Care" site doesn't have it yet; as far as I can tell, it usually takes a few more days for new files to show up there. It's not obvious to me what the changes from build 2345 are, but I've downloaded and installed build 2348, and it's seems to work ok. The USB driver installation is still a b...

Poor HTTP upload in rexx CGI script (Apache 2.*
There is no problem with HTTP Upload in Rexx CGI script in Apache version 1.3. But in Apache version 2. there is very slow reading from Apache STDIN by rexx function charin(). I tried many variants with no success. ...

[News] xorg-server 1.8.2 is Out, xorg-server 1.9 Out Soon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 xorg-server 1.8.2 ,----[ Quote ] | The second stable release for the X server | 1.8 series is now available. As previously | announced, no new commits over RC2 and no-one | threatened me with extradition over the DRI2 | backports - hence they're staying in. | | This is the last regular 1.8 release unless | someone else wants to take over as RM. Until | that happens, the server-1.8-branch is open. | If you have patches that you think are | necessary for the 1.8 series, please push | them there. `---- http://lists.freedesktop.org/archives/xorg-announce/2010-June/001342.html [ANNOUNCE] xorg-server 1.8.99.904 ,----[ Quote ] | Not a huge number of changes this week; a | couple of bug fixes, some server log cleanups | and some Xephyr changes. `---- http://lists.freedesktop.org/archives/xorg-announce/2010-July/001343.html Recent: [ANNOUNCE] xorg-server 1.7.4.901 ,----[ Quote ] | Not a lot of fixes, LCA rather slowed down the | patch flow. There's a number of patches in the | queue for master, so I expect 1.7.4.902 to be | a bit more exciting. `---- http://lists.freedesktop.org/archives/xorg/2010-January/048852.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkwvHqoACgkQU4xAY3RXLo7NcQCgnrBoWPAfo2uivpCM4ffSY+G1 TrgAoKlag2tvJk0p6xApdzw3i1urFZYy =HrU5 -----END PGP SIGNATURE----- ...

Video Conferencing Server TrueConf Server 3.2.2
A video conferencing server is an ideal solution for medium and large businesses, especially if employees are located in different offices or even in different towns or countries. TrueConf Server makes it possible to hold remote video conferences easily and reliably. It works either over a local area network or the Internet. It provides various extra features such as text chat, whiteboard, address book and more. Up to 100 users can participate in video conference, depending on the mode used. There are various video conferencing types provided by TrueConf. In the asymmetric video confe...

devpi-client-2.1.0/devpi-server-2.1.5: maintenance releases
We just released devpi-server-2.1.5 and devpi-client-2.1.0 as maintenance and minor improvement releases. devpi is a system for managing packaging, documentation, test and installation workflows for private Python packages. See http://doc.devpi.net for documentation and tutorials and below for the changelog. many thanks to Florian Schulze who did most of the heavy-lifting for this release and of course to the issue/PR creators! best, holger krekel changelogs ---------- devpi-server-2.1.5 (compared to 2.1.4): - fix devpi-ldap issue17: the push command directly used...

Telnet BBS Server 1.2 Released #2
Telnet BBS Server is a Windows program that provides Serial<->TCP/IP Telnet bridging. With it, you can set up a real Commodore BBS and have people Telnet into it. This is the technology behind several of the BBSes listed on www.telbbs.com . It also lets you use your Commodore as a Telnet client for calling BBSes or other Telnet servers. Provides basic Hayes compatibility, and you don't have to modify any of your Commodore software. Get it here: http://www.jammingsignal.com/files/ New features in Version 1.2: -Added an option to enable hardware flow control for higher baud rat...

VIO Server level 2.2.1.4
Have you started to use VIO Server level 2.2.1.4? =20 We've started to use it and have run into a major issue. I'd like to solici= t your support to contact IBM and raise the visibility of the issue. The sc= enario is that the command 'lspv -free' has been redesigned to no longer sh= ow disks which have a VGID. So in brief, any disk that has ever been used w= ill no longer be shown as free, even if you have intentionally freed the di= sk, unless you specifically overwrite the VGID.=20 They claim to have done this to support knowing when a disk is in use by va= rious types of clusters outside of the knowledge of the specific VIO server= .. However, I dont buy that as a viable explanation. The documentation clear= ly states that this option, "Lists only physical volumes that are available= for use as a backing device." However, with this new change it does not do= that. IBMs response so far is that they may have to change the documentati= on to match the new design of the command. I feel that if they were designi= ng a new option, they should have made a new command or option, rather than= replacing and removing a very valuable option. =20 If you concur, I encourage you or your teams to contact IBM to raise the is= sue. I would be glad to share PMR and / or DCR numbers that you can referen= ce if you would like. On Thu, 4 Oct 2012 11:53:21 -0700 (PDT) aix@mail.com wrote: > Have you started to use VIO Ser...

Melhor Site de Downloads [ BIG SITE AND LINKS FASTED] #2 #2
www.forumgratiz.com.br www.forumgratiz.com.br www.forumgratiz.com.br Download de : Filmes Games XXX Programas Isso e muito ++ totalmente gratis http://www.forumgratiz.com.br/forumb/index.php?act=3Dreg http://www.forumgratiz.com.br/forumb/index.php?act=3Dreg http://www.forumgratiz.com.br/forumb/index.php?act=3Dreg Somente Registrados Podem Ver os T=F3picos Por Favor Votem Tamb=E9m http://www.topinho.com/index.php?a=3Din&u=3Djeanma= rtins http://www.topinho.com/index.php?a=3Din&u=3Djeanmartins http://www.topinho.com/index.php?a=3Din&u=3Djeanmartins Pois o Site Sobrevive disso. ..=2E ...

Re: SAS/Server Question #2: Outputting server results to Excel #2
In EG4.1 you can right-click on the icon for your SAS table and the second item on the pop-up menu is Export, which has 2 items in a sub-menu (Export <tablename>; and Export <tablename> As a Step in Project ...). Whichever you choose the leads you through a series of dialogues - you just save to Local (rather than SASMain) and as as .xls type. There is no need for Excel on your server or SAS on your PC. Just do the above to the output of your merge/join. HTH -dave -----Original Message----- From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of Don Henderson Sent: Tuesday, 19 December 2006 8:54 AM To: SAS-L@LISTSERV.UGA.EDU Subject: Re: SAS/Server Question #2: Outputting server results to Excel via DDE on my PC Not sure how to do this in one step in EG or even if it can be done. But I think that you can export a SAS table from EG to Excel. So just drag the table to the EG diagram and export it. An alternative if you have either SAS/IntrNet or the Stored Process Server Web Integration Kit is to write a program that runs on the server (either via the SAS/IntrNet Application Dispatcher or the Process Server) and writes CSV content to _webout with a content-type header for XLS. You would then access this via your browser instead of EG. HTH, -don h > -----Original Message----- > From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of > biyectivo > Sent: Monday, December 18, 2006 12:13 PM > To: SAS-L@LISTSERV.UGA.EDU &...

[1 1 1 1 1 ;2 2 2 2 2 ;3 3 3 3 3 3;....;n n n n n]
Hi, Anybody knows how to create this matrix but without using any loops? a=[1 1 1 1 1 ;2 2 2 2 2 ;3 3 3 3 3 ;.......;n n n n n ] Thank you. Hana. Hana wrote: > Hi, > Anybody knows how to create this matrix but without using any loops? > a=[1 1 1 1 1 ;2 2 2 2 2 ;3 3 3 3 3 ;.......;n n n n n ] HELP REPMAT - Randy Hana wrote: > > > Hi, > Anybody knows how to create this matrix but without using any > loops? > a=[1 1 1 1 1 ;2 2 2 2 2 ;3 3 3 3 3 ;.......;n n n n n ] > > Thank you. > Hana. Hope this isn't homework. >> repmat([1:n]'...

Does 4/2/2= (4/2)/2 =1 OR = 4/(2/2)=4
I don't have matlab and I am trying to translate some simple matlab code. Does 4/2/2 = (4/2)/2 = 1 or 4/2/2 = 4/(2/2) = 4 On 9/11/2012 9:43 AM, sarah.englander@gmail.com wrote: > I don't have matlab and I am trying to translate some simple matlab code. > > Does 4/2/2 = (4/2)/2 = 1 yes. At a given precedence level (and obviously two of the same operators are the same level) evaluation proceeds from LtoR. ....snip... <http://www.mathworks.com/help/techdoc/matlab_prog/f0-40063.html#f0-38155> -- dpb <none@non.net> wrote in message <k2njh1$jes$1@speranza.aioe.org>... > On 9/11/2012 9:43 AM, sarah.englander@gmail.com wrote: > > I don't have matlab and I am trying to translate some simple matlab code. > > > > Does 4/2/2 = (4/2)/2 = 1 > > yes. At a given precedence level (and obviously two of the same > operators are the same level) evaluation proceeds from LtoR. > > ...snip... > > <http://www.mathworks.com/help/techdoc/matlab_prog/f0-40063.html#f0-38155> > > -- There are a few thing you need to understand: 1. You need to get matlab in order to translate the simple code 2. You should define your parameters as in what is the expected output of your search based on the equations used: Is it : a) 4/2/2 b) (4/2/2) On 9/11/2012 11:13 PM, Salvinder wrote: .. > There are a few thing you need to understand: > 1. ...

Printing 2^1, 2^2, 2^3, 2^4 and 2^5
Hi, When I use a while loop, the output is: 2 4 8 16 32, as desired: <?php $c=1; while($c<=5) { $d = newpow(2, $c); print "$d "; $c++; } function newpow($base, $power) { // statements... } ?> The But when I use a for loop, the output is: 64: <?php for($c=1; $c<=5; $c++); { $d = newpow(2, $c); print "$d "; } function newpow($base, $power) { // statements... } ?> Why is this?? Many thanks, Michael mejpark wrote: > When I use a while loop, the output is: 2 4 8 16 32, as desired: [...] > The But when I use a for loop, the output is: 64...

Web resources about - Apache 2.2: Reject https for http-only sites on server w/ 1 https site? - comp.infosystems.servers.unix

Google makes Gmail HTTPS-only in a bid to thwart NSA snoopers
Gmail has always supported HTTPS, and even made the communications protocol the default option in 2010. Today Google announces it will always ...

Staying at the forefront of email security and reliability: HTTPS-only and 99.978% availability
... behind the scenes to keep your email safe, secure, and there whenever you need it. Starting today, Gmail will always use an encrypted HTTPS ...

Staying at the forefront of email security and reliability: HTTPS-only and 99.978 percent availability ...
... behind the scenes to keep your email safe, secure, and there whenever you need it. Starting today, Gmail will always use an encrypted HTTPS ...

HTTPS-Only YouTube
I'm not sure if this is really new, but I remember that YouTube only redirected logged-in users to the HTTPS site. Now YouTube redirects everyone ...

Why U.S. Government HTTPS-Only Mandate for Federal Sites Is Key
The OMB aims to provide security and authenticity for all U.S. government Websites by 2016.

Reddit jons the HTTPS-only stampede
Strict Transport Security joins strict new anti-abuse policies Reddit will soon be served over HTTPS only as part of wider moves to secure the ...

Moving t.co to HTTPS only for new links - Announcements - Twitter Developers
On October 1 all new links wrapped with Twitter's t.co wrapper will use the https URL scheme. The https scheme helps Twitter securely deliver ...

Resources last updated: 3/19/2016 5:48:35 AM