-
-
Notifications
You must be signed in to change notification settings - Fork 973
/
redirect.html
165 lines (118 loc) · 4.42 KB
/
redirect.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
<?xml version="1.0" encoding="utf-8"?>
<html>
<head>
<style>
body {
font-size: 120%;
margin: 2em;
max-width: 50em;
}
button.qLink {
font-size: 110%;
font-weight: bold;
border-radius: 2px;
padding: 2px 1em 2px 1em;
margin: 0px 0px 4px 0px;
border-top: 2px solid #DDD;
border-left: 2px solid #DDD;
border-right: 2px solid #888;
border-bottom: 2px solid #888;
}
button.qLink:hover {
background: #E0E0EF;
cursor: pointer;
}
button.qLink:active {
background: #E8E8EF;
border-top: 2px solid #DDD;
border-left: 2px solid #DDD;
border-right: 2px solid #DDD;
border-bottom: 2px solid #DDD;
cursor: pointer;
}
</style>
</head>
<body>
<div style="font-size:150%;">
<h2>Weaning "<span class="host">host</span>" off HTTPS/SSL</h2>
<p>The "<span class="host">host</span>" server will
eventually stop supporting incoming SSL connections. Please
update your links accordingly.</p>
<p>Redirecting you to <span id="s1"
style="color:#0000FF">TARGET</span> in <span id="c1">15</span>
seconds.</p>
<p style="text-align:center"><button class="qLink" id="button1"
onclick="suspendButtonClick()">Suspend redirect</button></p>
</div>
<div>
<h3>Why is SSL is being turned off?</h3>
<p>Even if letsencrypt certificates are free, renewing these
certificates every three months takes time and effort. Given
that "<span class="host">host</span>" is load-balanced
over several machines, the effort involved in renewing the
certificates is non-negligible and could not be fully automated.
</p>
<p>There is a bigger reason though. We think that mindless
security procedures are detrimental to all organizations. When
security becomes an overriding concern above all else, it makes
organizations wither slowly but surely. Security needs should be
applied with intelligence and measure. In larger organizations,
the current trend is to apply security-motivated organizational
changes first and think later. </p>
<h3>But what about security risks?</h3>
<p>Admittedly, turning off SSL can have adverse affects. An
attacker could eavesdrop and steal user credentials. However,
the site "<span class="host">host</span>" does not
store user credentials. Incidentally, it does not track users
nor store cookies either.</p>
<p>In a more severe case, an attacker could intercept the HTTP
connection and serve hacked binaries. To eliminate this risk
altogether, the site "<span class="host">host</span>"
will no longer directly serve downloadable binaries but
indirectly delegate this task to Maven Central where 99% of
users download the binaries anyhow.
</p>
</div>
<script>
var suspended = false;
function suspendButtonClick() {
var txt = "";
if(suspended) {
txt = "Suspend redirect" ;
} else {
txt = "Unsuspend redirect";
}
suspended = !suspended;
document.getElementById("button1").innerHTML = txt;
}
function getUrlVars() {
var vars = {};
var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m,key,value) {
vars[key] = value;
});
return vars;
}
var hostname = location.hostname;
var targetURL = "http://" + hostname + "/" + getUrlVars()["target"];
var hostElements = document.getElementsByClassName("host");
var hostElementsLen = hostElements.length;
var i;
for(i = 0; i < hostElementsLen; i++) {
hostElements[i].innerHTML = hostname;
}
document.getElementById("s1").innerHTML = "<a href=\"" + targetURL + "\">" + targetURL + "</a>";
var count = 15;
var timer = setInterval(function() {
if(suspended) {
return;
}
var spanCount = document.querySelector('#c1');
count--;
spanCount.textContent = count;
if(count <= 0) {
window.location = targetURL;
}
}, 1000);
</script>
</body>
</html>