Is there a way to allow access to http:// and https:// on the HOMEPAGE of wordpress site? the default should be https://. So when I type example.com it should redirect to https://example.com but when I enter http://example.com it should not redirect to any link and just use the http version. All links to the images inside the pages should be https://
I have a UC SSL certificate from godaddy
If you want to use just https without any SSL then browsers may often identify you as malware it is recomended not to use this work, but if you are insisting on your decision, so you can edit your .htaccess file and tell which urls you want to be https and which you dont want.and you should change your port thats not easy work...
Again i suggest you not to use this work, cause useing https and http without any ssl is not useful...
Good luck
Related
I search everywhere I found 0 information about this specific redirect.
I have app that I need to use "HTTP" to function, recently chrome started to redirect my app to HTTPS automatically, and If I put HTTPS to HTTP code in my app it cause infinite loop.
My app is not on the HSTS preload domain list, my app and server have no redirect code to HTTPS.
Request URL: http://4444.com/z.txt
Request Method: GET
Status Code: 307 Internal Redirect (from disk cache)
Referrer Policy: strict-origin-when-cross-origin
Cross-Origin-Resource-Policy: Cross-Origin
Location: https://4444.com/z.txt
Non-Authoritative-Reason: DNS
This does not happen on any other browser other than chrome.
Does that mean chrome is targeting my host's dns to make sure all website hosted on the DNS is HTTPS?
If yes I think this is very bad move from google as I can't find any announcement by google that they will start forcing https on websites. This could break many non https sites without prior warning.
If not what can I do to fix this issue?
Thanks
I encountered the same problem just like you, and that situation didn't happen all the time, sometimes when I open another window as incognito mode, the redirect disappeared!Sooooo Annoying:(
And I just tried another way, it seemed to work fine with me!
go to : chrome://net-internals/#dns, and click Clear host cache , then refresh your page, the redirect will be gone!
Even if the "Always use secure connections" (chrome://settings/security) is disabled, chrome will still try to use HTTPS if it finds HTTPS records in DNS, as per #dns-https-svcb flag - "Support for HTTPS records in DNS" (chrome://flags/#dns-https-svcb) - which is enabled by default.
This causes the loop leading to the ERR_TOO_MANY_REDIRECTS with Non-Authoritative-Reason: DNS.
Either remove any HTTPS record from the host zone file or disable the aforementioned flag from chrome.
Did you access websites using VPN? VPN server seems able to force http to https
I know that I am able to write a redirection rule which redirects to HTTPS version if someone sends a request on HTTP version of an URL. But how to implement that if an user wants to visit my site directly using only domain name: example.com, he gets the https:// version without redirect? I also know about HSTS, but I am pretty sure that this can be accomplished only with good .htaccess settings?
You can't.
If you type a URL into a browser without explicitly stating the scheme, then the browser will default to plain HTTP.
The only way to change that would to rewrite the browser the user has installed (or perhaps to have them install a browser plugin).
.htaccess is a recommended against mechanism for configuring Apache HTTPD. The HTTP server you use cannot influence the URL the browser requests (other than by recieving a request and responding with a redirect).
I recently migrated a website to HTTPS using an AutoSSL tool on bluehost. I see some distortions in the content like missing background colors, table displacements, missing_logos etc.
Does anyone know how styling can get effected with HTTPS migration effect?
If you access a website using HTTPS, the browser will block resource requests using HTTP. You should load all resources securely over HTTPS.
You can edit .htaccess file. And to migrate your traffic from HTTP to HTTPS, you require a redirect rule.
So, it's obvious to use .htaccess. I hope you know how to edit such a file.
I will suggest you check this Article How to Force SSL and Manage the non-SSL Page Using cPanel
I have hosted my wordpress blog with openshift. I have a custom domain yourtechchick.com which is mapped to Cname your-techchick.rhcloud.com .
I am using the basic plan and can not upload custom SSL certificate.
How do I redirect https to http so that user never actually has to see security risk or no security certificate risk?
I tried editing .htaccess to redirect http to https but it gives too many redirects or redirect loop in that case.
How do I fix this?
You need to edit your wp-config.php file. You can edit it from the wp dashboard or through ftp.
Find the line that says:
define( 'force_SSL', true );
Change "true" to "false" and save it.
This will disable HTTPS.
How do you tell if a site is an HTTP:// site or an HTTPS:// site? I am just starting to learn some of the more fundamental things about internet security. When you put up a web site is there a special way that you have to set up the html format in the .html files so that the site is secure or is this something that can be purchased from the site provider were you host the web site.
This seems like and easy thing to do but even on stackoverflow what it type in is
stackoverflow.com/questions/ask
There is no HTTP or HTTPS in front of the internet address. Is this implied or is there a way to toggle this on an off in the tools?
HTML Code:
<html lang="en">
<head>
<title>Test Title</title>
</head>
<body>
//...code goes here...
</body>
</html>
Is there something that goes in the HTML that determines whether the site is secure or not? Or is this an option on each page when you host the site.
How do you tell if a site is an HTTP:// site or an HTTPS:// site?
By looking at the URL
This seems like and easy thing to do but even on stackoverflow what it type in is
If you type in something that looks like a URL with the scheme missing, then browsers will assume you intended to put http:// in front of it.
Most browsers will hide the http:// part from the address bar for non-SSL sites.
When you put up a web site is there a special way that you have to set up the html format in the .html files so that the site is secure or is this something that can be purchased from the site provider were you host the web site.
To use SSL you need to have an SSL certificate and the web server needs to be configured to use it.
Beyond that, everything comes down to how the server is configured. You could have different sites hosted on http and https, or the same site, or redirect from one to the other, and so on.
Is there something that goes in the HTML that determines whether the site is secure or not?
No. SSL is dealt with at the transport level, not the document level.
Or is this an option on each page when you host the site.
You could configure a server to redirect the URLs for some pages to HTTPS and some to HTTP. This was typically done to save on CPU power for pages where security wasn't needed. Today, CPU power is much cheaper, so it is normally better to use SSL by default.
To make a site secured (an HTTPS) site you need a certificate and add the proper binding that means including a port and protocol by default https uses port 443 and NO, none of those configurations at server level will affect the files serve like your .html files.
HTTP means Hypertext Transfer Protocol. The "S" is Secure.
There is no special definition you can define to ensure a secure HTTP connection.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
These certificates can be purchased from companies that provide them. This essentially encrypts any data transferred between the server and person it is responding to.
In short, this is determined by the browser, and different browsers have different strategies.
When you visit a site, such as www.abc.com, different browsers will use different default protocols.
Microsoft Edge will first use http to connect to port 80 of the server. If the server is set to redirect, it will send a 301 move permanently message to allow the client to reconnect to the site using https.
But the new version of chrome will directly use https to connect to the site (port 443), if the connection fails, then connect to http (port 80).
https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html
Chrome will now default to HTTPS for most typed navigations that don’t specify a protocol. HTTPS is the more secure and most widely used scheme in Chrome on all major platforms. In addition to being a clear security and privacy improvement, this change improves the initial loading speed of sites that support HTTPS, since Chrome will connect directly to the HTTPS endpoint without needing to be redirected from http:// to https://. For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure). This change is rolling out initially on Chrome Desktop and Chrome for Android in version 90, with a release for Chrome on iOS following soon after.