> On Sep 26, 2017, at 5:04 PM, Matthew Butterick <m...@mbtype.com> wrote:
>
> What about the new HTTP port that the Racket web server has opened?
> Should that be secured somehow (e.g., firewall)?

Yes. For any server exposed to the internet, you want to make sure to only whitelist the appropriate ports.

In fact, to elaborate a little bit more: what you probably want to do is only support HTTPS, but you will not want to only listen on port 443, since that means people who attempt to connect over HTTP will get a failed connection error. You can’t just proxy HTTP to HTTPS, since that would mean the connection between the client and the server will be unencrypted, which defeats the whole purpose.

What you will want to do instead is automatically redirect any users who use HTTP to the equivalent HTTPS locations by issuing HTTP 301s. This way, browsers and other user agents will automatically be “promoted” to HTTPS after an initial HTTP request.

You can do this by configuring an Apache virtual host to listen on port 80, then redirect all traffic to an https:// prefixed URL, which will then be handled by the other virtual host listening on 443.
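
Added example, not part of the original message: a sketch of the two Apache virtual hosts described above, with the Racket web server reachable only through the TLS virtual host. The hostname `example.com`, the backend port `8000`, and the certificate paths are assumed placeholders; the configuration needs mod_alias, mod_ssl, mod_proxy, mod_proxy_http and mod_headers enabled.

```apache
# Port 80: serve no content, only answer with a 301 to the HTTPS URL.
<VirtualHost *:80>
    ServerName example.com

    # "Redirect permanent" sends HTTP 301 and appends the rest of the
    # requested path, so /docs/x goes to https://example.com/docs/x.
    Redirect permanent / https://example.com/
</VirtualHost>

# Port 443: terminate TLS here and hand requests to the Racket server.
<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    # Placeholder paths; substitute the real certificate and key.
    SSLCertificateFile    /etc/ssl/certs/example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    # Assumption: the Racket web server listens on loopback port 8000.
    # Proxying to 127.0.0.1 keeps the plain-HTTP hop on the machine itself.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    # Addition beyond the message: HSTS tells browsers that have visited
    # once to skip the plain-HTTP request on later visits.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

With this layout the firewall only needs to admit inbound TCP 80 and 443; the Racket server's own port stays closed to the outside and is reached through Apache.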