
SSL

Jeremy

Well-known member
#4
Do you have a proper .htaccess file? It looks as if you don't have it set up on your server to allow friendly URLs to function.
 

Slind

Active member
#5
Code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>
 

Floren

Well-known member
#7
Your SSL setup is not proper:
https://mineyourmind.de/forum/
https://www.mineyourmind.de/forum/ !!

SSL Labs:
https://www.ssllabs.com/ssltest/analyze.html?d=https://mineyourmind.de/forum/&hideResults=on
https://www.ssllabs.com/ssltest/analyze.html?d=mineyourmind.de&s=94.249.198.99&hideResults=on
You're vulnerable to BEAST attacks and have no support for TLS 1.2.

Proper setup:
https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=74.125.227.148&hideResults=on
https://www.ssllabs.com/ssltest/analyze.html?d=https://www.axivo.com/community/&hideResults=on
Note: Chain anchor is NOT an issue, according to RFC 5246:
"Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case."
 
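One way to check an Apache mod_ssl `SSLProtocol` line for the two findings in the post above (no TLS 1.2, BEAST exposure). This is an added example, not code from the thread or from XenForo. It assumes TLS is terminated by mod_ssl, models only SSLv3 through TLSv1.2 in simplified form, and its function names and sample directives are constructed.

```python
# Added example: simplified model of how mod_ssl evaluates SSLProtocol (assumption).
ALL_OLD = {"SSLv3", "TLSv1"}                        # "all" before OpenSSL 1.0.1
ALL_NEW = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # "all" with OpenSSL 1.0.1+
BEAST_EXPOSED = {"SSLv3", "TLSv1"}  # CBC suites on these use predictable IVs


def enabled_protocols(directive, openssl_101_or_later=True):
    """Return the protocol set left enabled by one SSLProtocol line."""
    everything = ALL_NEW if openssl_101_or_later else ALL_OLD
    words = directive.split()
    if not words or words[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive: %r" % directive)
    enabled = set()
    for word in words[1:]:
        action = word[0] if word[0] in "+-" else ""
        name = word.lstrip("+-")
        if name.lower() == "all":
            group = set(everything)
        else:
            # Case-insensitive match; names this model or build lacks add nothing.
            group = {p for p in ALL_NEW if p.lower() == name.lower()} & everything
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces what came before
    return enabled


def findings(directive, openssl_101_or_later=True):
    """List the problems named in the post that this directive leaves open."""
    enabled = enabled_protocols(directive, openssl_101_or_later)
    out = []
    if "TLSv1.2" not in enabled:
        out.append("no TLS 1.2")
    legacy = sorted(enabled & BEAST_EXPOSED)
    if legacy:
        out.append("BEAST-exposed protocols enabled: " + ", ".join(legacy))
    return out


if __name__ == "__main__":
    # Constructed sample directives, not taken from the thread.
    for line, new in [("SSLProtocol all -SSLv2", False),
                      ("SSLProtocol all -SSLv3 -TLSv1", True)]:
        print(line, "->", findings(line, new) or "ok")
```

BEAST also depends on a CBC cipher suite being negotiated on those protocols, which this check does not look at.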