httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31289] - Option to disable "You're speaking plain HTTP to an SSL-enabled server port"
Date Sun, 19 Sep 2004 21:15:21 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31289>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31289

Option to disable "You're speaking plain HTTP to an SSL-enabled server port"





------- Additional Comments From list@noduck.net  2004-09-19 21:15 -------
The same way you could argue that an FTP server should recognize when you use
HTTP to talk to it. Instead, when you try that, the FTP server will give you a
FTP protocol error (not an HTTP error). I want to have an HTTPS-only server, if
any error is generated, it should be HTTPS.

The reason is simple, so that it is less obvious that there is a web server
there. Yes, this is some kind of security through obscurity. The goal is to
attract less attention from automated scripts.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message