From: "Tom Hightower" <tomh@xxxxxxxxxxx>
To: "MIDRANGE-L (midrange-l@xxxxxxxxxxxxxxxxxx)" <midrange-
Date: 10/02/2021 09:45 AM
Subject: [EXTERNAL] How do I fix this: HTTPS request can be accessed over HTTP
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>
We host two of our servers on our i, with lots of NetData scripts,
calling CL and RPGLE programs. For nearly 20 years everything has
been fine (SSL and non-SSL). We have one server running non-SSL,
another running SSL (SERVERA, SERVERSSL).
Over the past few weeks when we do a scan via SecureTrust, we've
started getting this fail from them: HTTPS request can be accessed over HTTP.
Any idea on where to start looking to resolve this?
Following is some text that they provide on the fail error, if it
Description The Application server does not distinguish between
requests sent over insecure channel (http) and requests originally
sent over https and gives a similar response. This type of
vulnerability constitutes an access control weakness that can
compromise the confidentiality of your data. Also, the availability
of particular pages outside of a secured context can cause
legitimate users to believe that the session is secure, and
therefore submit private information in clear text. For example, if
credit card details are entered in a session which is accessed over
https and if this session is accessible through http, then these
details can be used by the attacker resulting in loss of
confidentiality.
Solution Examine your Web Server's configuration to determine why
pages that should only be viewable via HTTPS are being served over
HTTP. Also, examine the configuration of any applications you have
installed to ensure that the proper permissions are in place to
prohibit forceful browsing of HTTPS resources over HTTP.
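The check behind the finding described in the message above, as an added example that is not from the original post or from SecureTrust: it requests the same path over HTTP and HTTPS without following redirects and reports whether the HTTP side served the protected content. The host name, the sample responses and the 0.9 similarity threshold are assumptions made for illustration.

```python
import difflib
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def fetch(url, timeout=10):
    """Return (status, lower-cased headers, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read()

def classify(http_resp, https_resp, threshold=0.9):
    """Compare the HTTP answer for a path with the HTTPS answer for the same path."""
    status, headers, body = http_resp
    secure_body = https_resp[2]
    if 300 <= status < 400:
        # Only an absolute https:// target moves the browser to the secure channel.
        target = headers.get("location", "").lower()
        return "ok-redirect" if target.startswith("https://") else "review-redirect"
    if status >= 400:
        return "ok-refused"
    # Dynamic pages rarely match byte for byte, so compare by similarity.
    ratio = difflib.SequenceMatcher(None, body, secure_body).ratio()
    return "fail-same-content" if ratio >= threshold else "review-different-content"

def check(host, path):
    """Live check of one path; host and path are supplied by the caller."""
    return classify(fetch(f"http://{host}{path}"), fetch(f"https://{host}{path}"))

# Constructed sample responses (not captured from any real server).
PAGE = b"<html><form action='/order'>Card number: <input name='cc'></form></html>"
SAMPLES = {
    "served in clear": ((200, {}, PAGE), (200, {}, PAGE)),
    "redirected": ((301, {"location": "https://serverssl.example/order"}, b""), (200, {}, PAGE)),
    "refused": ((403, {}, b"Forbidden"), (200, {}, PAGE)),
}

if __name__ == "__main__":
    for name, (plain, secure) in SAMPLES.items():
        print(f"{name}: {classify(plain, secure)}")
```

A "fail-same-content" result corresponds to the condition the scan description calls out; the two "review" results need a manual look at what the HTTP side returned.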