What is the meaning of crossed https in url of sites - url

What is the meaning of https which is crossed by two horizontal lines in the website url ?

http (Hypertext Transfer Protocol) is a system for transmitting and receiving information across the Internet. It is a simple request, and a response procedure is followed on the internet so that information can be easily, accurately and quickly exchanged between servers and software's which are trying to access it.
HTTPS URLs begin with "https://" and use port 443 by default, whereas HTTP URLs begin with "http://" and use port 80 by default.

Related

Specifying an IP Address in FireMonkey TWebBrowser

The FireMonkey TWebBrowser component allows the developer to specify a local file (file://...) or a URL (https://www...). However, there seems to be no way to get the browser to work by specifying an IP address (192.168.1... or http://192.168.1... etc.) The browser just appears to hang.
Is it possible to specify an IP address with this component?
I'm currently using Delphi 10.4.2 developing for iPhone. Safari on the same phone has no problem accessing 192.168.1... addresses.
Navigating to Websites using HTTPS protocol and IP address will be blocked in most browsers. Why? Website certificates that are used to confirm validity of specific website are domain based and not IP based.
This means that the Website will be treated as safe only when you navigate to it by using valid domain for which the website digital certificate was issued.
But when you try to navigate to such site using IP address of a server on which it is hosted most browsers will mark the site certificate as invalid and thus stop the navigation to such site. This is to prevent you from being redirected to another server that does not belong to specific domain for which web certificate has been issued.
PS: You can test this even with your default browser. Try navigating to a HTTPS site using URL using format https://x.x.x.x:443.
Note how I added 443 to the end of the specified URL. 443 is a default HTTPS port. Not specifying this port number as part of URL most browsers will always try to navigate using port 80 that is used for HTTP despite the fact that you specified HTTPS protocol in your URL.
Now if the website supports both HTTP and HTTPS protocols you may end up on HTTP site despite the fact that you specified HTTPS protocol in your URL.
And if that HTTP website offers automatic redirect to HTTPS site you may in the end actually end up on HTTPS version of that site. But it won't be HTTPS site containing the IP address you specified but instead the proper domain name of that site.
You can see this by trying to navigate using the above mentioned approach to https://142.250.180.174/ which is actually server for google.com.
NOTE: Not all Websites support this. For instance you can't reach HTTPS site of embarcadero.com using such approach.

Moving webservice with http and https

I have implemented services calling with http.
now services layers is moving to https.
At client side do i need to change any thing or
rename all url http to https
Need small clarification on this.
There is nothing special that you need to do. Just change "http://" to "https://" and your connection will be secured by SSL.
You can, optionally, add steps to validate the authenticity of the certificate being used (eg CA validation). But simply adding the "s" will ensure that the traffic is encrypted.
You should not change http scheme to https on client application. The way is that when your client app comes to your http (80) port your should redirect it to https (443) port by putting Location header in HTTP response.
In next versions of your client app you may have to change your protocol directly to https in order to avoid unnecessary traffic and server requests.

Complete URL in HTTPS connections

I would like to know some connections that depart from my application.
So I use a proxy (in particular I'm using Charles for OSX) This works fine.
I have noticed that some of these connections are HTTPS (TLS). This is ok, but for these connections, I can only see the base URL and not the complete URL that is invoked. For example I can read: https://www.thewesite.com:443
I would expect not to see the body of the request but at least the header, and then also the whole URL I would expect to see it.
is that correct? is there a way to display the complete URL?
Since URL and the rest of the HTTP header are inside the encrypted connection you would need to enable SSL Proxying (that is Man-In-The-Middle attack) for the specific hosts. See http://www.charlesproxy.com/documentation/proxying/ssl-proxying/

Elastic Load Balancer on port 443 works for forced SSL Ruby On Rails application, but why?

My ruby on Rails application is configured with the following:
config.force_ssl = true
And I set up the following elastic load balancer:
With this configuration everything works, but I do not understand why? with the code above, my application instance will return a 301 redirect in response to HTTP request. When the HTTP request is handled by the load balancer, it is forwarded on to to the instance as a HTTP request. Shouldn't this result in another 301, and therefore an endless loop?
EDIT
I thought a bit about my answer and decided to get in to some more detail with it.
Network communication is usually composed of several layers, among which are the physical layer, which is the cable/radio channel where information travels through, the transport layer which is often TCP/IP, the protocol layer which in our case is usually HTTP or HTTPS and finally the application layer which is what our rails app handles.
Rails usually never gets in touch with the actual HTTPS data stream, as this is handled by your webserver. So how does force_ssl work at all?
The protocol layer is handled by the webserver (nginx, mongrel...) and this is who could care first about forcing ssl. When the webserver hands over a request to the application layer (hence, the rails app), it also provides a lot of meta data, which includes requester IP, request path, request format, a lot of header variables and also information about the used protocol.
When a request arrives at your webserver on port 443 (and uses HTTPS protocol), the webserver sets the header flag SERVER_PROTOCOL to https.
If a proxy server (like load balancer is) receives a request on 443 and forwards it to 80, it adds the X-FORWARDED-PROTO=https header to the request, which is made available for your rails app by the webserver.
Now, long story short: config.force_ssl requires SERVER_PROTOCOL OR X-FORWARDED-PROTO to denote https.
ORIGINAL ANSWER
The rails force_ssl method does not really force a request to arrive on port 443 on your server, it is satisfied when the original (client) request was sent over ssl through the internet. The load balancer (as a proxy) sets the header X-FORWARDED-PROTO to "https". rails trusts that information and that is why this is working.
More info on that can be found in the elastic load balancer docs: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-for

Delphi idWHOIS with Web proxy

Good day,
Please help with an example of how to use idWHOIS via a web proxy?
I want to make whois calls anonymously using free web proxies.
Why is it so simple with idHTTP component that have ProxyParams but with idWHOIS not?
I am really clueless :)
See my attempted code snipped:
procedure TForm2.Button2Click(Sender: TObject);
var
ProxyHTTP :TIdConnectThroughHttpProxy;
Proxy :TIdCustomTransparentProxy;
begin
ProxyHTTP := TIdConnectThroughHttpProxy.Create(Self);
Proxy := TIdCustomTransparentProxy.Create(Self);
Try
{ idIOHandler.TransparentProxy := Proxy;
Proxy.Host := 'whois.ausregistry.net.au';
Proxy.Port := StrToInt('43');
Proxy.IPVersion := ID_DEFAULT_IP_VERSION;
// Proxy.Connect(idIOHandler, edtProxy.Text, StrToInt(edtPort.Text), ID_DEFAULT_IP_VERSION);
// Proxy.Enabled;
Proxy.ChainedProxy := ProxyHTTP;
}
idIOHandler.TransparentProxy := ProxyHTTP;
ProxyHTTP.Host := edtProxy.Text;
ProxyHTTP.Port := StrToInt(edtPort.Text);
ProxyHTTP.IPVersion := ID_DEFAULT_IP_VERSION;
ProxyHTTP.OnStatus := ProxyHTTPOnStatus;
ProxyHTTP.Enabled;
ProxyHTTP.Connect(idIOHandler, edtProxy.Text, StrToInt(edtPort.Text), ID_DEFAULT_IP_VERSION);
Memo1.Clear;
Memo1.Update;
Memo1.Lines.Text := idWhois.WhoIs(edtDomain.Text + '.com.au');
Finally
idIOHandler.Close;
idWhois.Disconnect;
Proxy.Free;
ProxyHTTP := TIdConnectThroughHttpProxy.Create(Self);
End;
end;
1st of all - do you use whois or http protocol ?
there are native whois services working via their native protocol.
and there are WWW front-ends, that let you make whois requests and vew results in WWW browsers like MSIE (Microsoft Internet Explorer).
Obviously you should be able to connect to latter via HTTP-proxy.
WWW here is monicker for several related technologies used together: HTTP + SSL/TLS + WebDAV + HTML + CSS + JS, etc. So, HTTP proxy may be considered subset of HTTP which is subset of WWW
And not be able to connect to former, for whois is not part of WWW blob.
Same thing for example is with e-mail, which is out of WWW realm as well:
there are mail programs, connecting directly by IMAP/POP/SMTP protocols and corresponding ports,
and there are WWW front-ends like Yahoo and GMail that allow to view mails via MSIE. WWW access works via HTTP proxy, direct access is not HTTP and does not work.
Exception: some proxies allow pin-holling. That is treated as security hole and bad configuration, but nonetheless it is sometimes possbile via HTTP/SSL support command CONNECT. But usually it is not possible to connect to every ports but only to :80 and :443 ports. And it is extremely rare that whois protocol would be on that ports, only HTTP or HTTPS protocols. Some servers, like many messengers like Jabber, ICQ, GTalk, or like Skype super-nodes, intentionally misuse those ports :80 and :443 to provide their non-HTTP protocols, thus helping those program to cheat on HTTP Proxy and bypass NAT isolation. But i think you'd hardly find many whois servers doing this
Whoever, if you find poorly configured proxy or such specially-configured whois server, you would have chance to use it.
Otherwise you would only be ably to use idHTTP over existing WWW-front-ends to whois servers. Most DNS name registrars do provide them, so users could check the data using no special tools but only WWW browsers.
Google for "http proxy ssl connect pinholling" for more details about such use of HTTP proxy.
Google for "NAT Traversal" and "Proxy Tunelling" for more general concept.
Sometimes VPN techniques are [mis-]used to tunnel outside.
PS. this does not answer "how can i do it" - there is no 100% reliable way - but hopefully answers "Why is it so simple with idHTTP component that have ProxyParams but with idWHOIS not?".
I guess you'd meet the very same obstacles, if to us idSMTP or other e-mail components through HTTP proxy.
PPS. there are more generic kind of proxies - Socks Proxy - that should allow any TCP-class protocol to be forwarded. But they are very rare thing.

Resources