Programming

6 Likes

A question: What’s the best practice these days for port 80 on websites? With my old configuration, I redirected all port 80 requests to port 443. Now I’m wondering if I should bother to open it at all.

I suppose that someone might try to access the site with some ancient device that doesn’t support SSL, but frankly, all I ever saw were lazy bot requests on port 80.

1 Like

I would say don’t open it. One of the security tools we use at work dings points for an open 80 even if all it does is redirect to 443

2 Likes

Last year Chrome changed to load https:// by default when you browse to a website, unless you explicitly tell it to go to http://website.tld, and on looking it up, it looks like Firefox moved to https-first in August this year.

And even if you don’t serve :80 at all, and even if a particular browser does default to checking http first, and even if that port isn’t explicitly redirected, I suspect most browsers will try :80, and silently try :443 if that fails, unless they’re old, like Netscape Navigator old.

4 Likes
2 Likes

I read that headline a little too quickly.

4 Likes

“But where our hearts truly lie is in strong coffee, noise-canceling headphones and good clean code.”

2 Likes