LLVM Bugzilla is read-only and represents the historical archive of all LLVM issues filled before November 26, 2021. Use github to submit LLVM bugs

Bug 15653 - HTTPS access to llvm.org gives 404 error
Summary: HTTPS access to llvm.org gives 404 error
Status: RESOLVED WORKSFORME
Alias: None
Product: Website
Classification: Unclassified
Component: General Website (show other bugs)
Version: unspecified
Hardware: All All
: P normal
Assignee: Tanya Lattner
URL:
Keywords:
: 21649 31479 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-04-02 04:22 PDT by Matthieu Moy
Modified: 2017-10-19 07:18 PDT (History)
10 users (show)

See Also:
Fixed By Commit(s):

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Moy 2013-04-02 04:22:16 PDT 
I mistakenly accessed https://llvm.org/ (httpS instead of plain HTTP). I'd expect either

* HTTPS working
* Redirection to the plain HTTP site
* at worse, no reply from server.

Instead, I got a 404 error:

Not Found
The requested URL / was not found on this server.

I guess there's a misconfigured virtual host in the apache config.
Comment 1 Paul Wankadia 2014-10-26 08:29:36 PDT 
Considering what http://llvm.org/apt/ offers, you'd expect https://llvm.org/apt/ to work, but it doesn't. Not even for the GPG key.

Please enable secure downloads for the GPG key at the very least!
Comment 2 Alexander Potapenko 2014-10-28 15:12:40 PDT 
It'd also be nice if Bugzilla worked over HTTPS.
Comment 3 Reid Kleckner 2014-11-25 13:33:42 PST 
*** Bug 21649 has been marked as a duplicate of this bug. ***
Comment 4 Paul Robinson 2015-11-24 11:16:15 PST 
Oddly, while
    https://llvm.org/PRnnnn
returns a 404,
    http://llvm.org/PRnnnn
will redirect to
    https://llvm.org/bugs/show_bug.cgi?id=nnnn
Comment 5 Andi McClure 2016-02-21 14:18:21 PST 
Also subsites like clang.llvm.org, when accessed via HTTPS, throw up a browser warning page because they are reporting their domain name as llvm.org... https://clang.llvm.org
Comment 6 Anton Korobeynikov 2016-12-27 07:09:57 PST 
*** Bug 31479 has been marked as a duplicate of this bug. ***
Comment 7 Daniel Holbert 2017-10-18 16:39:29 PDT 
This was fixed at some point -- https://llvm.org/ isn't 404 anymore, but now shows the LLVM front page.  (same as the insecure HTTP version of that URL)

These sites mentioned in other comments all load fine for me, too:
 https://clang.llvm.org/
 https://llvm.org/apt/
 https://llvm.org/PR15653  (replacing "nnnn" with an actual bug number)
Comment 8 Konstantin Gribov 2017-10-19 05:45:46 PDT 
Thanks for fixing this issue. It's great security improvement ,)
Comment 9 Ori Avtalion 2017-10-19 05:51:50 PDT 
Should I open a new bug to have http redirect automatically to https?
Comment 10 Andi McClure 2017-10-19 07:18:15 PDT 
If you have auto-redirect to HTTPS set up you should also consider enabling HSTS to prevent downgrade attacks.