[Bob Kuczewski]

Thanks to some persistence by Rick Masters, the U.S. Hawks now supports secure access via the https protocol.

At this time, you can get to the US Hawks web site two ways:

• http://ushawks.org      (unsecured protocol)
• https://ushawks.org      (secured protocol)

Note the subtle difference of the "s" after "http" in the secured version.

It is highly recommended that everyone use the site via the secured (https) link so that your password and other private data (such as private messages) will be encrypted when sent over the Internet.

I think both versions will continue to work for now, but at some point we may disable the insecure protocol by forcing the http version to be translated to the https version. Please try the https version and post here if you have any problems. If no problems are reported, we will probably route all http access to https.

Thanks to Rick for prompting this change, and thanks to everyone who posts on the US Hawks and makes the site worthy of continual improvement.

NOTE:   It is highly advised that you change your password via the secured (https) protocol and that you only log in via the secured (https) protocol from now on. Whenever you use the insecure (http) protocol, all the information you type in is sent as "plain text". This includes your password (even though it may show up as "stars" while you're typing it). So if the data packets from past logins had been captured ("sniffed"), then the "sniffer" would have your password. I don't know how likely that actually is, but it's highly recommended that you change your password anyway. I just changed mine.

[Rick Masters]

Good move, Bob! (Use ctl shift - to downsize image.)
I am getting blazing speed out of the site, now. It's an amazing difference!           "The bullet-train of hang gliding forums!"
I see that all the Hawks Chapters are also secure.           "All our members' passwords are secure!"

"Although only less than 1% of all websites are secure (talk about getting ahead of the competition!), 40% of Google’s page one organic search results feature an HTTPS site. Google has encouraged webmasters to make the migration to a secure site for a while now and has been giving an increasing amount of weight in ranking boosts to websites that are HTTPS. Keep in mind, those sites ranking on page one of Google are also likely following many other best practices in order to gain and retain their valued page one real estate, so it’s not a surprise that of those ranking on page one, more are following Google’s heavy suggestion toward having a secure site!"
https://www.bluecorona.com/blog/https-and-seo

We are now ranked about #85 in Google keyword rankings for "recreational hang gliding." That should start to improve, now.

Approximate rankings today:
#2 Wills Wing
#3 hanggliding.org
#36 USHPA
#59 US Hang Gliding Rating System           "Atta-boy, Joe Faust!"
#85 US Hawks Hang Gliding Association

The next steps are here:
https://ahrefs.com/blog/seo-tips/

Maybe now we'll start showing up under "hang gliding."

[Rick Masters]

US Hawks Hang Gliding Association: The Bullet Train of HG Forums
                                                                                                    -- Don't stand on the track --
Approximate KEYWORD SEARCH RESULT rankings today:

"Hang Gliding"
#2 Wills Wing
#3 hanggliding.org
#38 USHPA
#58 US Hang Gliding Rating System         "Atta-boy, Joe Faust!"    + 1
#80 US Hawks HANG GLIDING ASSOCIATION    + 5

"Hang Gliding Association" - Top 10 First Page Ranking!
#1 USHPA
#2 RMHPA - Rocky Mountain
#3 HHA - Hawaiian HG Assoc
#4 CHGPA - Capital (DC)
#5 and #6 SHGA - Sylmar
#7 USHHGA - US HAWKS HANG GLIDING ASSOCIATION          "Atta-boy, BobK!"

"Hang Gliding forum" - Top 10 First Page Ranking!
#1, 2 & 3 hanggliding.org
#4 Oz Report
#5 Paragliding forum
#6 USHHGA - US HAWKS HANG GLIDING ASSOCIATION forum          "Atta-boy, BobK!"

[Bob Kuczewski]

"Atta-boy, BobK!"

Our site rankings are mostly due to great hang gliding content like your Dangerous Thoughts series. Thanks for helping us in so many ways.  

[Bob Kuczewski]

I've gotten some reports of difficulty with some pages since the switch to https.

I'm not sure if there are some http references in the site itself or if we're seeing browser caching issues. If you're having any trouble, please keep track of the URL as you move from page to page within the site. If you find a problem, please jot it down and get it to me. Then use your browser's "back" button to go back to a page that was working. If you're editing a long post, it's always a good idea to make a quick copy before pressing the submit button.

[Rick Masters]

When I log in, I am given the option to
Return to the previous page
but when I click that,
even though the go-to page referenced is an https, I get:
"This site can’t provide a secure connection
http://www.ushawks.org sent an invalid response.
ERR_SSL_PROTOCOL_ERROR"

When I post and hit
Submit
I am given the option
"This message has been posted successfully.
View your submitted message
Return to the forum last visited"
If I quickly hit "View your submitted message", it works all the time.

Previously, I would hit "Return to the forum last visited" and get an error message.
Trying it just now I got
Board index ‹ U.S. Hawks Hang Gliding Association ‹ Building the US Hawks
which is not where I had been but it beats the error page.
So you must be getting somewhere.        

[Bill Cummings]

I put the new secured website in my favorites and when I click there I get to the secured site with the green locked icon. BUT--
When I click on "US HAWKS" it takes me to the old unsecured site.
What do I do to fix this?

[Bob Kuczewski]

When I click on "US HAWKS" it takes me to the old unsecured site.

    Patient: "Doctor, it hurts when I do this."

    Doctor: "Don't do that."

Right now I think some of the links in the site may be "hard-coded" to http (and not https). I have noticed that a few times myself, and I just need to find the time to dig out those hard-coded links.

Until then, take the Doctor's advice and try to find a different way to navigate around the site. If you have specific instances of when it happens that will help me, but it might be some time until I can actually fix it.

[KaiMartin]

Right now I think some of the links in the site may be "hard-coded" to http (and not https). I have noticed that a few times myself, and I just need to find the time to dig out those hard-coded links.

It is good practice to make the server change URLs on the fly. With apache2 the rewrite module is the way to go. You'd make it so that incoming requests to http:// are automatically rerouted to https:// .
This approach will turn every request into a secure connection - no matter, whether the URL starts with "https" or with "http".

See a templates for /etc/apache/sites-available/ I use to set up web servers at my place. "XXXXXX" is supposed to be replaced by the actual machines name.
For this to work I'd have to enable the rewrite module with the command "a2enmod rewrite".

Code: Select all

<VirtualHost *:80>
  ServerName XXXXX.iqo.uni-hannover.de
  ServerAlias XXXXXX www.XXXXXX
  ServerAlias XXXXXX.iqo.uni-hannover.de www.XXXXXX.iqo.uni-hannover.de
  UseCanonicalName Off

  RewriteEngine On
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^.*$ https://XXXXXX.iqo.uni-hannover.de/ [L,R]
</VirtualHost>

<VirtualHost *:443>
  ServerName XXXXXX.iqo.uni-hannover.de
  ServerAlias XXXXXX www.XXXXXX
  ServerAlias XXXXXX.iqo.uni-hannover.de www.XXXXXX.iqo.uni-hannover.de
  UseCanonicalName Off

  DocumentRoot /var/www
  ServerAdmin SOMEBODY@iqo.uni-hannover.de

  # Logfiles:
  CustomLog /var/log/XXXXXX.log combined
  ErrorLog /var/log/XXXXXX_error.log
  LogLevel warn

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
 
  SSLEngine On
  SSLCipherSuite HIGH
  SSLCertificateFile    /etc/apache2/ssl/XXXXXX.iqo.uni-hannover.de.crt
  SSLCertificateKeyFile /etc/apache2/ssl/XXXXXX.iqo.uni-hannover.de.key

  BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

  ScriptAlias /cgi-bin/ /usr/share/dokuwiki/lib/

# additional configuration

</VirtualHost>


[Bob Kuczewski]

Thanks for the suggestion! That's what I was trying to say here:

I think both versions will continue to work for now, but at some point we may disable the insecure protocol by forcing the http version to be translated to the https version. Please try the https version and post here if you have any problems. If no problems are reported, we will probably route all http access to https.

The reason I just didn't map all access through https was to not lose any members whose browsers might not have the latest cryptography updates. Once I do that, they might have no way to access the site at all. They wouldn't even be able to send me a PM or even create a new account. I'd like to send a broadcast email first so if anyone has a problem, they can contact me via that email.

We're too small to leave anyone behind!!