SSL

Do you have a proper .htaccess file? It looks as if you don't have it set up on your server to allow friendly URLs to function.
 
Code:
 RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>
 
Your SSL setup is not proper:
https://mineyourmind.de/forum/
https://www.mineyourmind.de/forum/ !!

SSL Labs:
https://www.ssllabs.com/ssltest/analyze.html?d=https://mineyourmind.de/forum/&hideResults=on
https://www.ssllabs.com/ssltest/analyze.html?d=mineyourmind.de&s=94.249.198.99&hideResults=on
You're vulnerable to BEAST attacks and have no support for TLS 1.2.

Proper setup:
https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=74.125.227.148&hideResults=on
https://www.ssllabs.com/ssltest/analyze.html?d=https://www.axivo.com/community/&hideResults=on
Note: Chain anchor is NOT an issue, according to RFC5246:
"Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case."
 
Last edited:
Back
Top Bottom