HSTS

Got an idea on how things should be done? A problem with something on the site? Voice your opinion!

HSTS

Post by RiptideTempora on Mon Dec 24, 2012 9:31 pm
([msg=71829]see HSTS[/msg])

Could you add an Hypertext Strict Transport Security header in the server config so compatible browsers will always redirect to https://www.hackthissite.org instead of http://www.hackthissite.org ?
RiptideTempora
New User
New User
 
Posts: 23
Joined: Sun May 06, 2012 3:36 pm
Blog: View Blog (0)


Re: HSTS

Post by Kage on Wed Dec 26, 2012 3:10 pm
([msg=71849]see Re: HSTS[/msg])

Directive added to the load balancer and CDN.
~ Kage ~

HackThisSite Manager
User avatar
Kage
Administrator
Administrator
 
Posts: 149
Joined: Sat Apr 12, 2008 11:07 pm
Location: Inside The HTS Servers
Blog: View Blog (0)


Re: HSTS

Post by fashizzlepop on Wed Dec 26, 2012 8:58 pm
([msg=71853]see Re: HSTS[/msg])

I think a staff blog post may be in order?
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: HSTS

Post by Kage on Wed Dec 26, 2012 9:47 pm
([msg=71854]see Re: HSTS[/msg])

Not really. I'd check this off as one of many 'silent updates'; little changes I make to tune the infrastructure that go relatively unnoticed. If I did a blog post about every little tuning I do, I'd be posting four or five times a day, every day or two.

I am noticing now that Chrome has re-cached HTS, it's automatically forcing me to use SSL, just from the HSTS header. That's kind of really neat. This is great because it forces SSL where supported browsers understand the header, but doesn't require SSL (such as a 301 redirect).

Excellent suggestion, Riptide. Thank you kindly.
~ Kage ~

HackThisSite Manager
User avatar
Kage
Administrator
Administrator
 
Posts: 149
Joined: Sat Apr 12, 2008 11:07 pm
Location: Inside The HTS Servers
Blog: View Blog (0)


Re: HSTS

Post by mShred on Thu Dec 27, 2012 12:32 am
([msg=71857]see Re: HSTS[/msg])

Yeah, I was the one who liasoned Riptide's idea to Kage.. Credit taken, of course.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1742
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)



Return to Comments & Suggestions

Who is online

Users browsing this forum: No registered users and 0 guests