Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't think that's helpful. Perhaps more along the lines of putting a flat redirect on port 80, with no content.

(It sounds like this attack depends on a complete version of the website being available over port 80)



> (It sounds like this attack depends on a complete version of the website being available over port 80)

No, it doesn't. An attacker can always connect to the website over HTTPS and proxy the content to the victim over port 80.


Hmm, yes, of course you are correct. I'm not sure why I was thinking that wouldn't be a risk.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: