videolan.org website is exposed as insecure HTTP without permanent redirect
The videolan.org website is exposed as insecure HTTP without permanent redirect required to implement proper HTTPS security.
To test the security vulnerability that enable MITM attacks you can use curl from command line: $ curl -v http://www.videolan.org
- Rebuilt URL to: http://www.videolan.org/
- Trying 88.191.250.2...
- TCP_NODELAY set
- Connected to www.videolan.org (88.191.250.2) port 80 (#0)
GET / HTTP/1.1 Host: www.videolan.org User-Agent: curl/7.54.0 Accept: /
< HTTP/1.1 200 OK < Server: nginx/1.13.9 < Date: Mon, 12 Mar 2018 12:31:17 GMT < Content-Type: text/html < Content-Length: 60353 < Connection: keep-alive < Last-Modified: Mon, 12 Mar 2018 12:30:03 GMT < Vary: Accept-Encoding < ETag: "5aa672cb-ebc1" < X-Accepted-Language: en < X-Accepted-Fulllang: en < Accept-Ranges: bytes < X-Clacks-Overhead: GNU Terry Pratchett <
Example nginx configurato to implement it properly https://bjornjohansen.no/redirect-to-https-with-nginx