HUAWEI Router tries to manipulate HTTPS connections?

At home I use a HUAWEI Router (Huawei B528s-23a), the default device which my provider recommends.

In last days I got often a certificate error when opening a website which was obviously not the routers page.

In Safari for example:

Safari: certificate is not trusted

It’s seems that the router answers the SSL-Connection instead of the page I wanted to open. Is there any explanation for this strange behaviour?

ps: I’m not a native English speaker; Please forgive for my potentially mistakes.

Problema con htaccess al redirigir www y https en .com.mx

Hola tengo un dominio con .com.mx el cual quiero sea siempre dirigido con https y www pero al parecer el siguiente código no esta funcionando.

RewriteEngine on  RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$   [NC] RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]  RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]  

Ese código previamente lo he usado en .com

¿Acaso hay algo distinto cuando es .com.mx?

El error que me marca es el 403

[SP2016][Office Online Server] Web Apps don’t work on SharePoint https sites

I have issues with my lab environment where I have set redirection from http to https. Everything works fine until I try to open documents in web apps. I am getting error that there was a problem and document cannot be opened.

Here is short overview of how I set up redirection:

  1. Added new binding in IIS for my web application (https, port 443 and certificate)
  2. AAM settings:

    a)Internal URL:https://servername, Zone:Default, Public URL:https://servername

    b)Internal URL:http://servername, Zone:Default, Public URL:https://servername

Office farm configuration:

enter image description here

WOPI zone has been set to internal-https.

Logs from OOS:

02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing buqay Medium Wopi,CheckFile,WACSERVER HttpRequestAsyncException [url:UREDACTED_(vHKPAP1SI77bjR6MgrgTYoLULPb0bcptKBENxaaj3dA=), e:Microsoft.Office.Web.Common.HttpRequestAsyncException: No Response in WebException —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) — End of inner exception stack trace — at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Office.Web.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult) — End of inner exception stack trace —] 9a3fbd9e-4066-604e-f675-99afa0e09b9f 02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing adhsk Unexpected WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed. —> Microsoft.Office.Web.Common.HttpRequestAsyncException: No Response in WebException —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) — End of inner exception stack trace — at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Office.Web.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult) — End of inner exception stack trace — — End of inner exception stack trace — at Microsoft.Office.Web.Apps.Common.WopiTalky.AddHostResponseDataAndThrow(Exception exception, HttpRequestAsyncResult result) at Microsoft.Office.Web.Apps.Common.WopiTalky.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Apps.Common.WopiDocument.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Common.HttpRequestAsync.End() at Microsoft.Office.Web.Apps.Common.WopiDocument.CheckWopiFile()] 9a3fbd9e-4066-604e-f675-99afa0e09b9f 02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing ajjve Medium WOPI CheckFile: Catch-All Failure [url:UREDACTED_(6UnYFVPmv6zdLFtOUT4YJEYsPRvdiT0O6frvZoEsQhM=)] 9a3fbd9e-4066-604e-f675-99afa0e09b9f 02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Word Online DocX Common ann56 Medium Setting Completion: [Operation:WacCheckFile] [CompletedSuccessfully:False] [RootOperation:] [StartTime:02/06/2019 07:54:12.612] [DurationInMilliseconds:39] [SizeInBytes:0] [ExtraInfo:] 9a3fbd9e-4066-604e-f675-99afa0e09b9f 02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Services Infrastructure Services Infrastructure Br Err bsl5f Medium BaseDocument::LogSessionMetrics: {“ApplicationLCID”:”pl-PL”,”BrowserLCID”:”pl-PL”,”DataLCID”:”en-US”} 9a3fbd9e-4066-604e-f675-99afa0e09b9f 02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing axvdb Medium CheckFailureCache.IncrementCheckFailureCount Doc: e02f7b7c23e308eeaca7d4921b409b72f6a1fc0a5f729604cb5a51af65ef2121 User: IREDACTED 9a3fbd9e-4066-604e-f675-99afa0e09b9f 02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Services Infrastructure Services Infrastructure Br Err b66ra Unexpected FileUnknownException with InnerException from CheckBaseDocument, InnerException: Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed. —> Microsoft.Office.Web.Common.HttpRequestAsyncException: No Response in WebException —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) — End of inner exception stack trace — at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Office.Web.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult) — End of inner exception stack trace — — End of inner exception stack trace — at Microsoft.Office.Web.Apps.Common.WopiTalky.AddHostResponseDataAndThrow(Exception exception, HttpRequestAsyncResult result) at Microsoft.Office.Web.Apps.Common.WopiTalky.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Apps.Common.WopiDocument.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Common.HttpRequestAsync.End() at Microsoft.Office.Web.Apps.Common.WopiDocument.CheckWopiFile() 9a3fbd9e-4066-604e-f675-99afa0e09b9f

I read some articles (e.g. link) that adding http path as intranet zone may resolve issue, but in my scenario it removes redirection from http to https.

How can I configure it to make it work? I suppose that better option would be to extend my web application to SSL (I have done it for another web app and web apps work there), but I am wondering whether it is possible to perform it without creating separate site.

Thanks in advance for advice.

JWT vs custom encryption for REST APIs over https

For our REST API architecture, we are currently thinking over two options –

  1. Json Web Token – pros are that it is industry standard, we pass a key which adds a layer of access control and using which we can also add secondary authorisation restrictions at our backend, maintenance of session and related security features are provided by Django by default.

    Cons are that the params are open for anyone to see, it seems (and correct me if I’m mistaken) that it is possible that if someone gets access to our link, he could alter a param that is not linked with the core authentication process and thus compromise the data.

  2. An in house encryption process we developed that encrypts all the params. Pros are that we are fairly certain of it to have never been compromised, for even if the link would have gotten into the hands of someone they wouldn’t have known how to decrypt it to look at the params.

    Cons are that we have to manage all the session data through our backend code in our tables, so we aren’t able to utilize the Django features. Also, the idea that what we are doing isn’t industry standard.

What is the right way to decide in this situation, and what are the factors that we should take into account?

Https POST Request for POST Parameters

im looking to allow a previously GET request of a url like: myurl.com/site/id/1 where the value 1 in this case – is a pseudo random and not too difficult to guess.

I’m looking to bring this id/1 key/value into my request BODY .

Is this more secure by using POST and putting the key and value into the request BODY, than using GET and having it in the url ?

How can I make this even more secure?

Como obtener un certificado https para mi pagina alojada en AWS S3 ( Dominio en NIC.ar)

Hola a toda la comunidad, primero que nada, frente a mi desesperacion he publicado esta misma pregunta en otros foros.

Comencemos:

Tengo alojado en un Bucket (AWS S3) una pagina web enlazada con un dominio registrado en NIC.ar (‘Argentina’ valga la redundancia). Ok hasta ahi todo bien. La pagina hace uso de los servicios de autenticacion de FACEBOOK Y GOOGLE, por ende necesito urgente que mi pagina trabaje bajo el protocolo HTTPS. Bien, entonces ESPECIFICAMENTE el problema seria conseguir esos certificados y poder usarlos en AMAZON (AWS) donde tengo alojada mi pagina en un bucket s3. Investigando un poco, con alguno de los siguientes servicios: ROUTE 53 – CLOUDFRONT – S3 puedo obtener el certificado. pero NO PUEDO VALIDARLO ya que el certificado genera valores CNAME record y en NIC.ar solamente puedo delegar valoes NS record.

Se entiende el problema? es urgente porfavor.

Error en redireccionar a solo https sin www usando .htaccess

Estuve buscando en la web un ejemplo para redireccionar todo sin www encontré lo siguiente:

RewriteEngine On  # Follow symbolic links. Options +FollowSymLinks  RewriteCond %{HTTP_HOST} !^$   RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]  # Prevent directory listings Options All -Indexes 

Esto no se exactamente que hace Options All -Indexes Options +FollowSymLinks e intentando con algunos ejemplos sin éxito.

Pero no funciona puedo ingresar sin problemas y, no me redirecciona a https

Lo que deseo lograr, es que si ingresa a mi sitio web de esta manera:

www.example.com/ example.com/ o http://www.example.com/ http://example.com/ 

Redireccionar siempre a:

https://example.com/ 

Sin uso de www

Working with https in sharepoint

I have an asp.net MVC web application which is calling my Sharepoint Web application to fetch data from lists and libraries. Basically my MVC application is a web site for which data is being populated by calliing a Sharepoint api.
Now my problem is when Im using http protocol to connect to sharepoint application it workds fine.
But when I use https to connect to sharepoint application it does not work. What could be a possible solution for this scenario?
Suggestions are eagerly awaited.