Well, it’s possible to redirect every http connection to an https one on every web server I’ve used. Since I’m not familiar with your setup, I can’t advise how, but it’s normally pretty simple if you have access to the configuration.
Most sites would then redirect you to the HTTPS version. But the SDMB no longer seems to do that. I do have at least one bookmark to an old HTTP version, and it used to take me to the HTTPS version. Now it doesn’t.
This does have the advantage that, if there are any other certificate errors, you could still reach the site by going to the HTTP version. But it also means some people may see the “Not Secure” indicator if they are on the HTTP version. And passwords would be sent in the clear.
Personally, I like the idea of maintaining a distinction between HTTP (insecure) and HTTPS (secure) sites, but that does not seem to be the direction the Internet is going.
For what it’s worth – the SDMB did use to redirect you to the secure site, but I just checked five or six other forums (including the Giraffe boards) and they all either don’t have security credentials at all (So going to the https site results in an error/warning) or do have an S site but don’t redirect you (Giraffe Boards, for one!). So the SDMB is par for the course on this.
Yeah, that “expert” sounds like a real mouthbreather.
As I mentioned in an earlier post, and as others have mentioned, it should be possible to configure the server to redirect all requests, both https and http, to https. Other sites do this. Surely your tech folks can figure it out.
I was until I changed my bookmark to https. Although this problem needs to be fixed at the server level, at the individual level it’s pretty simple.
I just did some experiments.
http://www.straightdope.com automatically redirects to https.
boards.straightdope.com does NOT do this. If you type it in starting with http (or without a prefix) it returns a non-secure http page.
At least all of that is true for me.
So it looks like the “www” subdomain works as it should and always returns a secure page, but the “boards” subdomain only returns a secure page if you specifically request one by specifying https.
The server is apparently misconfigured so that only the www subdomain redirects to https. Or maybe the two subdomains are on different servers and only the one is configured properly.
It’s definitely possible, and something that TPTB should absolutely do. And as a few people said, the Dope used to redirect us just fine. OTOH, it does seem that many other sites have the same issue.
Configuring the server properly can be tricky but not too difficult if you know what you’re doing, but It can be easy to miss the fact that it’s not working on all subdomains.
I did some more research. The two subdomains, “www” and “boards”, resolve to two different IP addresses, so they’re probably on different servers.
“boards” looks like it’s being served from a virtual machine using Google’s cloud service. So the virtual machine is probably not configured properly.
At least I hope that misconfiguration on our end is the problem. I’d hate to think that Google’s cloud service would have such an egregious bug, but anything’s possible.
I wouldn’t call allowing access to the http site a “bug”. There are valid reasons to access a site through an http connection.
Sure, but why would they configure the SDMB to be accessible via http?
When I called it a bug I was talking about the possible case where the SDMB’s tech people have it configured to always redirect to https (which is how it should be) but a bug is preventing that from happening.
Of course I don’t know that that’s the case. I’m speculating. The more likely case is that the SDMB techs have it misconfigured.
It’s possible these old style forums are the exception, but most sites in general do redirect you if you go to the HTTP site. Try going to http://en.wikipedia.org or http://www.google.com or http://reddit.com or http://twitter.com and so on.
And here’s a link to GoDaddy flat out saying you NEED to redirect it: Redirect HTTP to HTTPS automatically | Linux Hosting (cPanel) - GoDaddy Help US
It doesn’t have anything to do with Google cloud services. Google isn’t managing the SDMB’s server(s), it’s just running on their virtual machine platform.
The reason the “Not Secure” message appears in Chrome is that Google programmed the message to appear for all pages served over HTTP, with the enhanced red warning appearing if you start to type data into to the page. In the past, Chrome and other browsers would not do this. The change was rolled out for Chrome version 68, in July 2018. In other words, the very same website and configuration would not be flagged with the warning prior to v68, and be flagged in v68 and newer.
For some reason, perhaps related to the SSL certificate change that occurred earlier, the redirect to-HTTPS configuration was lost. It appears to have been restored.
Yep, I just typed http://boards.straightdope.com and it loaded the https version of the site so it looks to have been fixed. And I was using Chrome.