On July 12, 2012 12:20 , Nick Kew wrote:
1. An HTTPS proxy.
Browser will warn you in no uncertain terms. You'd need a bit of
social engineering:
The browser won't warn you and you won't need social engineering if the
certificate presented by the proxy is signed by a CA trusted by the
user'
On Thu, Jul 12, 2012 at 11:20 AM, Nick Kew wrote:
> On Thu, 12 Jul 2012 11:32:01 -0400
> Mark Montague wrote:
...
>> HTTPS makes it harder to do man-in-the-middle (MITM) attacks, but MITM
>> attacks are still possible against HTTPS.
...
> Up to a point, Lord Copper.
...
>> If I were in your situa
On Thu, 12 Jul 2012 11:32:01 -0400
Mark Montague wrote:
> On July 12, 2012 11:03 , Tom Browder wrote:
> > I like the "friendly" approach, but I made the statement. "I want to
> > have NO http traffic on my site," because I saw in a post from a
> > Mozilla Persona site a reference to another li
On July 12, 2012 11:03 , Tom Browder wrote:
I like the "friendly" approach, but I made the statement. "I want to
have NO http traffic on my site," because I saw in a post from a
Mozilla Persona site a reference to another link that there is a
possibility of a man-in-the-middle attack using it.
If you want no traffic, don't listen.
Block on firewall w/ tcp-reject and don't use Apache to listen to http.
A more "friendly" way is to redirect VIA firewall all --dport 80 to --dport
443.
2012/7/12 Tom Browder
> On Thu, Jul 12, 2012 at 9:08 AM, Mark Montague wrote:
> > On July 12, 2012 8:0
On Thu, Jul 12, 2012 at 9:08 AM, Mark Montague wrote:
> On July 12, 2012 8:02 , Tom Browder wrote:
>> On Thu, Jul 12, 2012 at 6:37 AM, Nick Kew wrote:
>>> On 12 Jul 2012, at 12:02, Tom Browder wrote:
>>>
I want to have NO http traffic on my site. Is this the correct way to...
...
> Nick's
On July 12, 2012 8:02 , Tom Browder wrote:
On Thu, Jul 12, 2012 at 6:37 AM, Nick Kew wrote:
On 12 Jul 2012, at 12:02, Tom Browder wrote:
I want to have NO http traffic on my site. Is this the correct way to
No.
I see lots of mixed http/https setups, but no
single solution for https only i
On Thu, Jul 12, 2012 at 6:37 AM, Nick Kew wrote:
>
> On 12 Jul 2012, at 12:02, Tom Browder wrote:
>
>> I want to have NO http traffic on my site. Is this the correct way to
>
> No.
Thanks for the reply, Nick. I have a stack of Apache security books
(as well as your modules book), but I am looki
On 12 Jul 2012, at 12:02, Tom Browder wrote:
> I want to have NO http traffic on my site. Is this the correct way to
No.
The Listen directive determines whether you serve HTTP traffic.
What you have only affects how you respond to HTTP traffic once
you have already accepted it.
--
Nick Kew
I want to have NO http traffic on my site. Is this the correct way to
ensure I serve everything on my site via https:
ServerName tb.com
ServerAlias *.tb.com
Redirect permanent / https://tb.com/
...
Thanks so much.
Best regards,
-Tom
10 matches
Mail list logo