Add http redirect to https
 

Can you please add http redirect for https site?


For some reason browser defaults to http and trows 404 error.:crazy

But what 404's? The http route works just fine for me. I want the redirect because I'm too lazy to type it out myself :)

The http:// site works fine for me. There's something wrong on your end if it doesn't work.

Making the site redirect http:// redirect to https:// could hurt Amiga browsers. Whether or not that matters is up to RCK and the rest.

Maybe redirect is the wrong word, the default protocol that should be picked if all you type in is "eab.abime.net" should be https. If you type http:// then that should just go to the http site because that is what you specifically ask for.

Redirect is the right word.

The problem is that it would have to be for all non-https requests to eab.abime.net, there's no way to infer the user's intent.

(I believe) the only way to make eab.abime.net "secure", but allow people who insist that it must also be "insecure", would be to move the insecure part to a separate hostname, and also ensure that no cookies will be shared between the two (sharing cookies between secure and insecure sites negates much of the security), and all that would have negative impacts on other things, and stuff.

Maybe there are other options. Maybe there's a header that can tell recent browsers to prefer https. I don't know, I've been out of the game for a while.

I would think that would be a client issue.
It is the browser that decides what protocol to use if you only type in the domain name with no HTTP: or HTTPS:

So that sounds like a browser issue.
As mentioned, a redirect on the server side would probably break all HTTP, because it would be redirecting it to HTTPS.

You'd think so, but no, https-first is a new thing, and relies on people running up-to-date software (on an Amiga forum). The only way to fix security is to do it on the server side. Clients can't be trusted.

As far as i know there are only two methods to do that on the server-side. Port redirect and HSTS. Both do not allow optional HTTP.

I'm not sure what you could mean by "port redirect", but HSTS looks like the magical header that I'd hoped for a couple of posts ago. It still requires that HTTP exists though, and that it doesn't emit any cookies or private information.

Server redirection of port 80 (http) to 443 (https) via http/301 or similar.
You enter the site by "http://" and the server replies with "Go to https:// instead" and your browser does so.

If the below quote is true its probably not what we want. Firefox has a file in the profile folder (SiteSecurityServiceState.txt) that remembers the server-side requested hsts/https state (for a specific time). If that entry is valid there is no way to enter the site by http (that's enforced by the client/firefox. That's how HSTS is intended).
Edit: On the other hand, Amiga browser is not Firefox. It could theoretically ignore HSTS. But that's a quirk. Getting 'hurt by redirection' is a major quirk as well though. I can't tell anything about Amiga browsers though. Not sure what's wrong with them.

Reason I posted this as I had the same thing happen on 3 computers (work, gaming and laptop I use at home) and after further check, it seems it is one of cookies that caused 404 - Page not found error. Removing cookies fixed this.

If anyone else has the same problem, just remove cookies.

I still think that https should have president over http access to site. (be first to be reached if you just type eab.abime.net )

HTTPS versus HTTP should be decided by the browser if you don't explicitly specify that you want one or the other. Not everyone accessing this site has a browser that does HTTPS, especially if they're connecting from their Amiga.

It seems 404 error on EAB is not linked to https at all. At least, not for me.
And no link with cookies either.

If i try :
http://eab.abime.net/
then i get 404.

But if i do :
http://eab.abime.net/index.php
then it works...

Same here (Firefox 96)...

Both do work - Firefox, Chrome and Edge. And IB2.4 on WinUAE...

In this other thread 404 problems are being linked specifically to Firefox usage

When using https, yes. using http://eab.abime.net on firefox results in 404 - I'm pretty sure that wasn't the case a week ago.

Http works properly here as well. Maybe try a new Firefox profile for testing.
The forum was down for 24h some days ago (the IRC server seems still down. At least the top banner has it still removed). Maybe there are still side-effects out there.

http://eab.abime.net/ redirects to https on my Firefox as I checked.

I won't force any https:// redirection on server side.
EAB is available to full HTTP or full HTTPS :

http://eab.abime.net/
https://eab.abime.net/

I just tested both url with Firefox 96 and Chrome 97 without any problem :)
So if your browser don't let you access the HTTP version, clean your cache and reset your privacy options.

edit: see FF96 screenshot with http://eab.abime.net