1 (edited by newera07 2019-05-24 18:49:30)

Topic: SSL http/https

Guys I have a huge problem. All my websites are labeled as dangerous because I should edit the htaccess file but I can't edit it because somehow cutenews effects it. How can I fix it?

This is my actual

.htaccess

# --- CUTENEWS[ST]
RewriteEngine ON
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /cutenews/show_news.php?cn_rewrite_url=$1 [L]
# --- CUTENEWS[ED]

and this is what I'm supposed to ass to make eveything sure

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

2 (edited by a392ac64d7 2020-08-21 22:08:21)

Re: SSL http/https

This is because encrypting the data is just half of it. The other half is making sure you're really accessing the site you think you are. Without this second half a so-called "man in the middle attack" is possible, where the attacker is "in the middle" of your connection (e.g. at your Internet Service Provider), reading and possibly modifying the data. The data will still be encrypted, but it will be encrypted by the attacker Tutuapp 9apps Showbox himself.