> On Sep 26, 2017, at 5:04 PM, Matthew Butterick <m...@mbtype.com> wrote:
> What about the new HTTP port that the Racket web server has opened?
> Should that be secured somehow (e.g., firewall)?

Yes. For any server exposed to the internet, you want to make sure to
only whitelist the appropriate ports.

In fact, to elaborate a little bit more: what you probably want to do
is only support HTTPS, but you will not want to only listen on port 443,
since that means people who attempt to connect over HTTP will get a
failed connection error. You can’t just proxy HTTP to HTTPS, since that
would mean the connection between the client and the server will be
unencrypted, which defeats the whole purpose.

What you will want to do instead is automatically redirect any users who
use HTTP to the equivalent HTTPS locations by issuing HTTP 301s. This
way, browsers and other user agents will automatically be “promoted” to
HTTPS after an initial HTTP request. You can do this by configuring an
Apache virtual host to listen on port 80, then redirect all traffic to
an https:// prefixed URL, which will then be handled by the other
virtual host listening on 443.

You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to