You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

News/HTTPS enforcement at shared proxy: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>BryanDavis
(→‎What is changing?: add note about HSTS header)
 
imported>BryanDavis
(Mark tracking task as resolved)
 
Line 1: Line 1:
{{Tracked|T120486}}
{{Tracked|T120486|Resolved}}
The [[Help:Using a web proxy to reach Cloud VPS servers from the internet|web proxy]] service for Cloud VPS projects is enforcing [[w:Transport Layer Security|TLS]] encryption by automatically redirecting from HTTP to HTTPS.
The [[Help:Using a web proxy to reach Cloud VPS servers from the internet|web proxy]] service for Cloud VPS projects is enforcing [[w:Transport Layer Security|TLS]] encryption by automatically redirecting from HTTP to HTTPS.


Line 8: Line 8:
== Timeline ==
== Timeline ==
* {{Done}} 2020-08-18: TLS enforced for ''GET'' and ''HEAD'' requests and Strict-Transport-Security header with ''one day'' duration sent to clients.
* {{Done}} 2020-08-18: TLS enforced for ''GET'' and ''HEAD'' requests and Strict-Transport-Security header with ''one day'' duration sent to clients.
* 2021-02-01: TLS enforced for all requests and Strict-Transport-Security header with ''one year'' duration sent to clients.
* {{Done}} 2021-02-02: TLS enforced for all requests and Strict-Transport-Security header with ''one year'' duration sent to clients.

Latest revision as of 18:03, 2 February 2021

The web proxy service for Cloud VPS projects is enforcing TLS encryption by automatically redirecting from HTTP to HTTPS.

What is changing?

  • Requests to *.wmcloud.org and *.wmflabs.org hosts via the domain proxy service enforce TLS encryption
  • Strict-Transport-Security header added to TLS secured responses instructing user-agents to automatically upgrade http:// requests to https:// for the next 24 hours.

Timeline

  • Yes Done 2020-08-18: TLS enforced for GET and HEAD requests and Strict-Transport-Security header with one day duration sent to clients.
  • Yes Done 2021-02-02: TLS enforced for all requests and Strict-Transport-Security header with one year duration sent to clients.