Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

Computing Systems

Computing Systems

Informatics Computing Staff jottings

HTTPS Everywhere and problems accessing www.inf.ed.ac.uk

We’ve recently been getting an increased number of support tickets about problems accessing Student Services pages. The common thread in most of these tickets is that the person involved is incorrectly trying to do so using an HTTPS URL.

In the case of the Student Services pages, HTTPS is used to authenticate you, and then only allows people with the appropriate authorisation to proceed (as the page authoring system kicks in). If the page is a publicly visible page, then viewing it via HTTP works just fine. For example, for students the first link below should work fine (making sure your browser shows an HTTP URL), but the second should give you an access denied (unless you do have access permission).

It appears that the reason some people are using HTTPS, is because of browser plugins like the EFF HTTPS-everywhere. Unfortunately it ships with a configuration that assumes all HTTP www.inf.ed.ac.uk URLs are also accessible via HTTPS (which they are not).

We have submitted a patch to the EFF to remove this incorrect assumption, but until that is accepted and published, users of this plugin (or similar) should use whatever configuration it comes with, to exempt www.inf.ed.ac.uk from being forcibly redirected to HTTPS.

I hope that helps explain some of the confusion/problems people have been having.

Neil

PS Obviously we’d like to be in a state where HTTPS does work for all Informatics sites, but that transition will be gradual and lengthy.

PPS I’d also be interested to hear about any similar plugins that people are using that do the same thing as the EFF plugin.

HTTPS Everywhere and problems accessing www.inf.ed.ac.uk / Computing Systems by is licensed under a

Posted by

Categories

Uncategorized

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

HTTPS Everywhere and problems accessing www.inf.ed.ac.uk / Computing Systems by is licensed under a
css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel