link in default index.html should be HTTPS
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Debian) |
New
|
Unknown
|
|||
apache2 (Ubuntu) |
New
|
Wishlist
|
Unassigned |
Bug Description
Hi folks,
When running the Hardenize (https:/
To reproduce
* Start with a base install of ubuntu server
* run the following commands:
sudo apt-get update; sudo apt-get dist-upgrade; sudo apt-get install apache2
* optionally set up SSL
* browse to http(s)://<your server IP or hostname>
* hover over the link on public_html & observe it begins with http://
All the best,
Chris 8-)
Changed in apache2 (Debian): | |
status: | Unknown → New |
Hello and thanks for this bug report. There is indeed a plan http link in the default index.html:
<a href="http:// httpd.apache. org/docs/ 2.4/mod/ mod_userdir. html" rel="nofollow" >public_ html</a>
I doubt this is going to be an issue in any practical way, so I don't think we're going to deviate from Debian in order to fix this in Ubuntu: the extra maintenance effort is not justified. The right place to fix this is in the Debian packaging, and I see you already filed a Debian bug.
If you feel so inclined, you could submit a MR on salsa (the Debian GitLab) that updates these links:
https:/ /salsa. debian. org/apache- team/apache2/ -/blob/ 87fb3dac24ae682 fb15182c2ab1dc7 e717ded818/ debian/ index.html# L329
https:/ /salsa. debian. org/apache- team/apache2/ -/blob/ 87fb3dac24ae682 fb15182c2ab1dc7 e717ded818/ debian/ index.html# L350
Eventually Ubuntu will pick up the fix.