why Let's encrypt with latest Win ecma doesn't secure all of mine pages?
https://jepsano.net/ is secured, pages under main also https://jepsano.net/2020/05/10/cernobylska-havarie-prepis-od-martina-roty-z-vedeckeho-kladiva/ but older pages not: https://jepsano.net/2014/03/28/moje-prvni-cwg/
Thanks for explanation
If you use F12 to open the developer tool, you will see this:
So please change these image's source link to https instead of http.
Related
Mozilla recommends Brackets as a text editor for beginners (Link). After clicking the link Chrome states that the website isn't secure. Can others confirm that Brackets software and their website is safe to use?
If you click on Advanced you may find the answer to your question:
As you can see, the certificate is rather issued for a different part of the site (listed in the above screenshot).
The authors have kept the content of the documentation on GitHub (http://brackets.io/) because they judge the static pages do not need HTTPS. However, they hosted the .deb file safely (try to download it).
Conclusion: visit http://brackets.io/ both to read the documentation and download the .deb file safely
everyone.
I need to lock website for downloading via some windows tools and wget.
The site consists of js, html and php files.
I googled about security resource sharing, but it did not helpful for me.
Thank you.
As long as at the same time you need to have your website online available for everybody, this is not possible. If someone visits your site, the browser needs to access all files, in other words download them. You might be able to apply a few hacks to make it more difficult, but you can not prevent it completely.
If you want to restrict it to a defined audience, you can implement a login using for example HTTP Auth. How this can be achieved depends on your hosting. It might be doable using an .htaccess file in your web root or maybe through the admin interface of your hoster.
Your PHP file should be safe by the way, the above said applies to the public parts of your site (HTML/CSS/JavaScript/Images/...).
I am working on a web development project and I was testing it primarily on Firefox. However, when I tried it on Google Chrome, it would not load completely and Chrome would warn me that the site had "insecure content". After searching for answers, I was advised to make my website use "https" rather than "http". I do not know much about SSL or anything like it, but I followed a set of instructions for setting up Apache to work with SSL. The instructions are here:
https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
I followed them. The good news is, my website is accessable by https. The bad news is, unless https is typed, the website is inaccessible. On top of that, both Chrome and Firefox present messages saying "this certificate is not trusted", which is ironic, since I only did any of this to secure the site in the first place.
Can anyone show me where I went wrong or give a more complete explanation of what's going on? I am working on Ubuntu 12.10 with Apache 2 and PHP5.
you can search online to get the best SSL vendor and use that we use symantec at work http://www.symantec.com/theme.jsp?themeid=compare-ssl-certificates
use the below javascript to redirect http to https.
window.location.replace("http://stackoverflow.com");
"this certificate is not trusted" message is due to the fact that you are using a self-generated certificate. SSL uses a trusted third party (certificate authority) to ensure secure communication. You will need to purchase a certificate from one of these for your production environment. Simple google SSL certificate and you will get a whole bunch of options.
I would really like to check out the source code of some website. They have a mobile detection script of some sort I guess, when you visit said website it redirects you to a mobile version (nope, entering the URL that they redirect me to in my browser doesn't work).
How can I pretend my computer is an iPhone or HTC or whatever?
Install this add-on for firefox which will let you change the user-agent string.
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
You may also like to try and OPEN the page in TEXT pad
Here is a simple version I did up for a client
http://www.baccus.net.au/m/index.php
NOTE that it strips the PHP and just leaves the HTML component
You can then SAVE AS html page and see what the page looks like.
You may need to do a BASE HREF to keep the full path and there are often problems with many CMS systems, but this will get you over the line quickly.
Hope this helps
if you are using PHP try this $_SERVER['HTTP_USER_AGENT']
you get phone company + model + browser info or os info !
The link in the accepted answer no longer exists. The recommended alternative currently:
https://addons.mozilla.org/en-GB/firefox/addon/user-agent-string-switcher/
We have a CMS system whose web interface gets served over HTTPS. This works beautifully for Firefox, but when we load it in IE6 or IE7, it complains that "This page contains both secure and nonsecure items."
I've loaded the page in Firefox and checked with Firebug, and every connection seems to be going through HTTPS, as should be the case.
Is there any way to tell what is causing IE to throw this apparently spurious error?
Firefox has a number of bugs in mixed content detection. Generally you should try using Fiddler to spot insecure resources.
If you install a tool I wrote (www.bayden.com/dl/scriptfreesetup.exe) you will get a different mixed content prompt which shows the exact URL of the first insecure resource on the page. That tool is basically a prototype and you should uninstall it when you're done with it.
Use Fiddler to watch the traffic between the server and IE.
Be sure to go to Tools > Fiddler Options... > HTTPS > and check 'Decrypt HTTPS traffic'
Any non-HTTPS traffic generated between any server and IE should be easy to spot in the Web Sessions list.
I used Eric's tool (thanks Eric you saved me hours...) and it turns out that IE6 treats a background image specified with a relative path as nonsecure content. Even though it actually requests it over https. So if you're stumped - converting your relative paths to absolute ones might really help...
Are one or more resources (CSS url-image ref overlooked easily) pointing to a subdomain that's not covered by the certificate (https://www.example.com vs https://static.example.com)?
If you can't see anything that isn't using SSL, then this is usually down to a broken SSL certificate somewhere. I don't know of anything off-hand that will tell you what exactly what the problem is, but you can get a list of everything that's loaded easily enough.
The media tab on Firefox's 'page info' dialog (right click on the page) will do it, it might also be worth having a go with Fiddler (which is an excellent, and extremely useful piece of software).