We all know how important TLS is when you submit forms. But is it really necessary on all of my posts?
I decided that I don’t need it on all my posts, so I disabled the HTTPS redirect. I didn’t disable HTTPS though, so if you access my site with https://nerdoflinux.com then it will still work just fine. In Google Chrome, at least, if you access my site with HTTPS, all links you click on will lead to the HTTPS version. If you’re just reading, please use HTTP to decrease my server load, but if you’re logging in, please use HTTPS. You probably don’t need to use HTTPS to leave comments if you’re not logged in, as the most anyone can get is your email.
Many websites use auto HTTPS redirect, and that’s fine. But smaller websites don’t need HTTPS, especially on plain old content that doesn’t contain any login forms. HTTP doesn’t require encryption, which greatly decreases the amount of strain on the server, and the amount of people that can be connected. If you’re on an unsecured WiFi connection, however, you should probably use HTTPS as it also verifies if the server is the one you intend to communicate with. HTTPS has anti man in the middle techniques, which prevent people from faking the server you’re trying to connect to. HTTPS verifies that the server is the site it says it is, and HTTPS certificates require proof that you own the site, so not anyone can just fake your site.
I know this website has went through a lot of changes, and downtime as a result of that, and I apologize for that. I try to have as little down time as possible, but some things are just unpreventable. I also recently configured apache’s mod_evasive to ban IP addresses with iptables after a DoS attempt.
Besides, if you need HTTPS, get a plugin like HTTPS everywhere.