GitLab

The website to provide download URL http://get.videolan.org website is exposed as insecure HTTP without permanent redirect required to implement proper HTTPS security.

To test the security vulnerability that enable MITM attacks you can use curl from command line:

curl -v get.videolan.org

• Rebuilt URL to: get.videolan.org/
• Trying 195.154.241.219...
• TCP_NODELAY set
• Connected to get.videolan.org (195.154.241.219) port 80 (#0)

GET / HTTP/1.1 Host: get.videolan.org User-Agent: curl/7.54.0 Accept: /

< HTTP/1.1 200 OK < Server: nginx/1.13.8 < Date: Mon, 12 Mar 2018 12:38:34 GMT < Content-Type: text/html < Transfer-Encoding: chunked < Connection: keep-alive < Vary: Accept-Encoding < Alt-Svc: h2=":443" <

Index of /videolan/

Example nginx configuration to implement it properly ​https://bjornjohansen.no/redirect-to-https-with-nginx