Fix for HTTP to HTTPS Redirect

      No Comments on Fix for HTTP to HTTPS Redirect

I have had to fix HTTP redirect issues that was preventing non-encrypted traffic from automatically escalating to HTTPS.

DIAU.NET and its services are intended to be  used with HTTPS + SSL certificates in order to keep any potential data collection out of the hands of hackers, government, law enforcement agency’s, spammers, advertisers and data miners, HTTP traffic is vulnerable as it sends all data INCLUDING PASSWORDS/USERNAMES in PLAIN TEXT. HTTPS + SSL prevents this by encrypting the traffic both ways, to and from the servers/clients.

Any traffic directed to the HTTP end will now forcefully upgrade to HTTPS.

Due to a specific vulnerability in the HTTP to HTTPS redirects it is possible that a upgrade redirect can get man in the middle attacked, it is highly recommended to never use the auto redirect in the future by always using — HTTPS://DIAU.NET — instead of – HTTP://DIAU.NET –

  • HTTPS://DIAU.NET is the correct way to visit this site in the future, please update your bookmarks to this.
  • HTTP://DIAU.NET Is NOT TO BE USED, PERIOD! NEVER, it sends data in plain text and is not appropriate for any use on our systems. HTTP traffic will now automatically upgrade to HTTPS if attempted but please don’t rely on this as it is vulnerable to upgrade attacks via a man in the middle attack.

Leave a Reply

Your email address will not be published. Required fields are marked *