[u-u] oeb.ca geo-blocked?

William Kisin uu at sunlight.ca
Thu Feb 13 11:24:32 EST 2025 

To webmaster at oeb.ca:

Possible server misconfiguration.  See discussion thread below.


William_Kisin at sunlight.ca

On February 13, 2025 11:07:35 AM EST, Dan Astoorian <djast at ecf.utoronto.ca> wrote:
> A lot of modern browsers now seem to default to https://, and fall back to http:// if it is not available.
> 
> There's been a push for some time to make https:// the default for the web, which makes some sense.  As long as browsers default to http://, a DNS attack is sufficient to redirect traffic from http://oeb.ca to an https:// site of the attacker's choosing (e.g., they could register www.oeb-on.ca and get a LetsEncrypt cert for that domain, and redirect http://oeb.ca to https://www.oeb-on-ca).
> 
> Even without an http redirect, I get sent to https://oeb.ca upon typing "oeb.ca" into the address bar in any of Firefox 128.5.1esr, Chromium 131.0.6778.139, or Microsoft Edge 131.0.2903.99 on my AlmaLinux 8 workstation.
> 
> Cf. https://blog.chromium.org/2023/08/towards-https-by-default.html .
> 
> -- 
> Dan Astoorian, Systems Administrator
> Engineering Computing Facility
> University of Toronto
> 
> On 2025-02-13 10:09, Giles Orr wrote:
> >> On February 11, 2025 11:07:26 AM EST, Bruce Becker <bdb at 0123456789-abcdefghijklmnopqrstuvw.xyz> wrote:
> >>> on F/F, "oeb.ca" times out altho "oeb.ca/" works as expected
> >>> 
> >>>       On Tuesday, February 11, 2025 at 10:29:25 a.m. EST, Evan Leibovitch <evan at telly.org> wrote:
> >>> 
> >>>   Not sure if it's geo-blocking, but something is definitely weird.
> >>> >From deep inside 416, oeb.ca times out on Firefox but works fine on Brave. Try switching browsers.
> >>> On Tue, Feb 11, 2025 at 8:47 AM Andrew Cagney <andrew.cagney at gmail.com> wrote:
> >>> 
> >>> It seems that oeb.ca isn't accessible outside of Fordtopia (for
> >>> instance, from .au and .eu say).  Would anyone know if this is
> >>> intentional.
> >>> Andrew
> > On Tue, 11 Feb 2025 at 11:35, William Kisin <uu at sunlight.ca> wrote:
> >> Using Firefox on my Android tablet:
> >> 
> >> oeb.ca  fails
> >> oeb.ca/  fails
> >> http://oeb.ca  fails
> >> https://oeb.ca  works
> >> 
> >> William (Willie) Kisin
> > I've managed to set up a server that behaved exactly the same.  This
> > is bad server administration from whoever is running the web server.
> > 
> > Interestingly, they've been clever enough to block the server
> > announcing its server type:
> > 
> > $ curl -I https://oeb.ca/
> > HTTP/1.1 302 Found
> > Date: Thu, 13 Feb 2025 15:04:49 GMT
> > Server:
> > Location: https://www.oeb.ca/
> > Content-Type: text/html; charset=iso-8859-1
> > 
> > But not clever enough to manage the redirect from http: to https:.
> > Which means 99.9% of the population won't manage to get to this site
> > because just typing "oeb.ca" uses http: which should then redirect to
> > https: as it does on nearly every other server on the planet.  I
> > expect this will be fixed soon, although you never know.
> > 
> > "Never attribute to malice that which is adequately explained by stupidity."
> > 
> _______________________________________________
> u-u mailing list
> u-u at mail-ml.infra-service.ca
> http://www2.infra-service.ca/mailman/listinfo/u-u

William (Willie) Kisin

More information about the u-u mailing list