HTTPS and HTTP URLs point to different places?
I own and use a domain for a project. When I type in my domain preceeded by HTTPS instead of HTTP, I am re-directed to a compromising website. How is this possible?
Did somebody buy the HTTPS version of my website? Do I need to own both the HTTPS and HTTP domains to prevent this from happening?
No, you do not need a separate registration. http://
or https://
are just protocol specifiers. The name will resolve to the same host. However, once you're on the hosted machine, the web server determines what to display. Often, HTTP (port 80) and HTTPS (port 443) can be routed to different pages. This should be configurable by the website admin/tools.
In some cases, you might need to purchase an SSL certificate to match your domain name. This provides a chain of trust, verifying that your site is who it says it is. If you haven't done this, you may be using the host's "default" ssl certificate, which can throw name mismatch warnings at you (which might be why you thought it was a compromising website).
If you see a totally different website, and your site is on shared hosting, it may be the case that your hoster has a configuration problem.
This was the case in a similar question:
"https://" refers to random site, "http://" is broken, but "http://www" works
Check if your and the other site are hosted by the same provider resp. on the same IP.
As you say you are directed to a compromising website, I would check that your site hasnt been hacked in some way with a unwanted redirection to the said website.
Comments
Post a Comment