Search results

  1. J

    force redirect is not secure yet for HSTS

    About my introduced terms 'early rewrite' and 'late redirect': For me 'early' means the working rewrite to HTTPS by the DA panel before reaching any statement in .htaccess (e.g. http://www.webhostingtech.nl to https://www.webhostingtech.nl). The introduced and confusing name 'Force Redirect' in...
  2. J

    force redirect is not secure yet for HSTS

    I think your analysis differs from my proposed 'early rewrite' versus 'late redirect'. A security header is formally respected for the first domain name over HTTPS. Analysis and fixing by DA require specialist knowledge. My defect input was reported to DA by hosting provider 'TransIP B.V.' on...
  3. J

    force redirect is not secure yet for HSTS

    @ikkeben Unfortunately, this problem from May 2019 has not been solved, see: https://internet.nl/site/www.webhostingtech.nl/1456137/ For reproduction and workaround, see: https://webhostingtech.nl/monitoring-hosting/solve-directadmin-issues/
  4. J

    force redirect is not secure yet for HSTS

    Update on 'early rewrite' versus 'late redirect': The 'Force Redirect' for www. or not needs a change to work until after security headers. The old choice can be correctly included in this way: – None (default) / With www / Without www; – Early rewrite (old) / Late 301 redirect / Late 302...
  5. J

    force redirect is not secure yet for HSTS

    ------------------ We agree that this force redirect is a design issue in control panels. I do not want my own code if GUI DirectAdmin 'guarantees' a way to do the same. Security headers, like HSTS, in a web browser only work with the first domain name via HTTPS. So the design by DirectAdmin...
  6. J

    force redirect is not secure yet for HSTS

    Thanks for your workarounds and new insights. The problem is not purely HSTS related. The rewrite to HTTPS, I think, works correctly in DirectAdmin, before security headers are reached in .htaccess, httpd (or nginx directive). I have understood from internet.nl that security headers in a web...
  7. J

    force redirect is not secure yet for HSTS

    The recent functionality in DirectAdmin to force redirect to subdomain www. or without, is still unstable. According to mail exchange with internet.nl: - The HSTS header is detected at the first contact over HTTPS. - When redirecting to another subdomain, the HSTS header must therefore be...
  8. J

    force redirect is not secure yet for HSTS

    Force redirect to the www subdomain or without www can be chosen. Documented on https://www.directadmin.com/features.php?id=2365 Why is coding in DirectAdmin not yet sufficient for HSTS and security headers on internet.nl? I think the coding must be in two steps in order to be secure. Note...