HTTPS links to the root page of the wiki get redirected to an HTTP page, losing security:
https://wiki.nesdev.com
A direct link to any article, however, takes me to an HTTPS page as expected:
https://wiki.nesdev.com/w/index.php/Nesdev
I presume that whatever's at the root page contains a hardcoded redirect to http://wiki.nesdev.com/w/index.php/Nesdev_Wiki rather than something that preserves the security protocol?
HTTPS link to root page redirects to HTTP?
Moderator: Moderators
- rainwarrior
- Posts: 8734
- Joined: Sun Jan 22, 2012 12:03 pm
- Location: Canada
- Contact:
-
- Posts: 1318
- Joined: Thu Apr 23, 2009 11:21 pm
- Location: cypress, texas
Re: HTTPS link to root page redirects to HTTP?
It seems to be still redirecting to http.
Maybe this page could provide the needed addition to the .htaccess file used for wiki.nesdev.com. It seems to me, after reading arkascha's reply, that replacing the http://, in wiki.nesdev.com's .htaccess's RewriteRule line, with %{REQUEST_SCHEME}:// would allow https://wiki.nesdev.com to redirect to https://wiki.nesdev.com/w/index.php/Nesdev_Wiki bc REQUEST_SCHEME must be the server's variable that holds the user-entered http or https.
Am definitly not an .htaccess champion, but this seems like it is worth trying to me.
p.s. maybe a redirect to ftp://wiki.nesdev.com/w/index.php/Nesdev_Wiki from ftp://wiki.nesdev.com would be kind of weird, but, if you you want to, I'm sure those types of REQUEST_SCHEME can be prevented.
Maybe this page could provide the needed addition to the .htaccess file used for wiki.nesdev.com. It seems to me, after reading arkascha's reply, that replacing the http://, in wiki.nesdev.com's .htaccess's RewriteRule line, with %{REQUEST_SCHEME}:// would allow https://wiki.nesdev.com to redirect to https://wiki.nesdev.com/w/index.php/Nesdev_Wiki bc REQUEST_SCHEME must be the server's variable that holds the user-entered http or https.
Am definitly not an .htaccess champion, but this seems like it is worth trying to me.
p.s. maybe a redirect to ftp://wiki.nesdev.com/w/index.php/Nesdev_Wiki from ftp://wiki.nesdev.com would be kind of weird, but, if you you want to, I'm sure those types of REQUEST_SCHEME can be prevented.
Re: HTTPS link to root page redirects to HTTP?
@rainwarrior Your theory is pretty much correct. I don't maintain the site any longer, but when I did, pretty sure that was the exact situation. It's just a configuration redirect that needs to be modified to retain the URI scheme (see below).
To be clear, the way the redirections work is as follows -- there are actually two redirects involved, but it happens fairly quickly so you don't notice it:
http://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> HTTP 302 --> https://wiki.nesdev.com/w/index.php/Nesdev_Wiki
https://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> same as above
The stuff under /w/ is all MediaWiki; that's just how the site was set up long ago.
@unregistered -- As for .htaccess -- I do not know if the server running the site and wiki still uses Apache. It did when I helped maintain it and had shell access, but BootGod revamped things heavily (there's now an intermediary proxy running nginx that inserts ads and other stuff), so I dunno if Apache is still involved or if he switched the back-end to nginx+php-fpm. If it's using nginx+php-fpm: nginx does not have .htaccess support, and such redirections have to be done in the nginx configuration natively by the systems administrator. If it is still using Apache, then it's either an httpd.conf redirection, an .htaccess redirection either through one of mod_alias's Redirect* directives or through mod_rewrite's Rewrite* directives (the latter are more CPU intensive and complicated and shouldn't be needed to retain URI scheme), possibly done in PHP, etc... Just too many situations to cover. I can't remember if the site used mod_alias or mod_rewrite directives.
In other words, in Apache-speak, all you really need to do is something like this for the wiki.nesdev.com VirtualHost using mod_alias and the URI scheme gets retained regardless of which you use, since the destination of the redirect isn't a full URI thus "path relative":
Most people end up writing awful redirection directives (especially in mod_rewrite) that complicate matters greatly. Less = better. If I still maintained the server/etc. this is literally a 10 second task, heh. :)
To be clear, the way the redirections work is as follows -- there are actually two redirects involved, but it happens fairly quickly so you don't notice it:
http://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> HTTP 302 --> https://wiki.nesdev.com/w/index.php/Nesdev_Wiki
https://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> same as above
The stuff under /w/ is all MediaWiki; that's just how the site was set up long ago.
@unregistered -- As for .htaccess -- I do not know if the server running the site and wiki still uses Apache. It did when I helped maintain it and had shell access, but BootGod revamped things heavily (there's now an intermediary proxy running nginx that inserts ads and other stuff), so I dunno if Apache is still involved or if he switched the back-end to nginx+php-fpm. If it's using nginx+php-fpm: nginx does not have .htaccess support, and such redirections have to be done in the nginx configuration natively by the systems administrator. If it is still using Apache, then it's either an httpd.conf redirection, an .htaccess redirection either through one of mod_alias's Redirect* directives or through mod_rewrite's Rewrite* directives (the latter are more CPU intensive and complicated and shouldn't be needed to retain URI scheme), possibly done in PHP, etc... Just too many situations to cover. I can't remember if the site used mod_alias or mod_rewrite directives.
In other words, in Apache-speak, all you really need to do is something like this for the wiki.nesdev.com VirtualHost using mod_alias and the URI scheme gets retained regardless of which you use, since the destination of the redirect isn't a full URI thus "path relative":
Code: Select all
RedirectMatch "^/?$" "/w/"
-
- Posts: 1318
- Joined: Thu Apr 23, 2009 11:21 pm
- Location: cypress, texas
Re: HTTPS link to root page redirects to HTTP?
I bet it was a typo, but http never redirects to https... for me at leastkoitsu wrote:To be clear, the way the redirections work is as follows -- there are actually two redirects involved, but it happens fairly quickly so you don't notice it:
http://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> HTTP 302 --> https://wiki.nesdev.com/w/index.php/Nesdev_Wiki
https://wiki.nesdev.com/ --> HTTP 302 --> http://wiki.nesdev.com/w/ --> same as above
Really cool! Thank you for sharing! My suggestion was just to change RewriteRule's "http" to "%{REQUEST_SCHEME}", but I had never read about RedirectMatch... you seem like an .htaccess champion, koitsu, and so I hope the nesdev wiki is hosted on an apache server.koitsu wrote:In other words, in Apache-speak, all you really need to do is something like this for the wiki.nesdev.com VirtualHost using mod_alias and the URI scheme gets retained regardless of which you use, since the destination of the redirect isn't a full URI thus "path relative":
Most people end up writing awful redirection directives (especially in mod_rewrite) that complicate matters greatly. Less = better. If I still maintained the server/etc. this is literally a 10 second task, heh.Code: Select all
RedirectMatch "^/?$" "/w/"
Re: HTTPS link to root page redirects to HTTP?
The recommended fix is to edit LocalSettings.php to make $wgServer scheme-relative.
Code: Select all
// Replace this
$wgServer = "http://wiki.nesdev.com";
// with this
$wgServer = "//wiki.nesdev.com";
-
- Posts: 1318
- Joined: Thu Apr 23, 2009 11:21 pm
- Location: cypress, texas
Re: HTTPS link to root page redirects to HTTP?
WOW, that's a great very specific fix... even 5 less characters! Extremely impressive tepples!tepples wrote:The recommended fix is to edit LocalSettings.php to make $wgServer scheme-relative.Code: Select all
// Replace this $wgServer = "http://wiki.nesdev.com"; // with this $wgServer = "//wiki.nesdev.com";
"scheme-relative" is so cool!
- rainwarrior
- Posts: 8734
- Joined: Sun Jan 22, 2012 12:03 pm
- Location: Canada
- Contact:
Re: HTTPS link to root page redirects to HTTP?
It's several years later and this hasn't ever changed by the way, though just today I realized I could avoid the annoyance of getting redirected to http by changing my bookmark from:
https://wiki.nesdev.com/
To:
https://wiki.nesdev.com/w/index.php/Nesdev_Wiki
https://wiki.nesdev.com/
To:
https://wiki.nesdev.com/w/index.php/Nesdev_Wiki