QGIS.org not to be reached. not secure enough.

[Bandersnatch50]

Description

I work for the local goverment in Holland. And I cannot see the QGIS website in my browser. It is blocked by our firewall.

In Holland we have a adres to check how secure your website is? (internet.nl)

It seems that your site is blocked by us. If you make it more secure we can reach it again?

(https://internet.nl/site/qgis.org/1513926/) Page URL: https://qgis.org

[rduivenvoorde]

Hi @Bandersnatch50, mmm looking at the messages, I think your org is very strict/streng. Those rules seem to be set up for sites that need some security, but in the case of qgis.org we only serve plain old html no logins there(?). We are not a bank :-)

About the messages:

DNSSEC... we could probably enable this, but somebody has to dive into this. Are you familiar with it?

Indeed we run QGIS on a littel older server which may not have all newest cert stuff. Note that we use (an older) version of Letsencrypt, we set all the cyper stuff for us...

So my conclusion: yes they are right: we use older cypers which could be not secure enough if somebody wants to peek traffic or try to take over sessions or so, but as said we do not have logins for what I know? So at this moment we take a little risk I think... Time we dive into this...

[Bandersnatch50]

Dank je Richard voor je antwoord. Ik ga bij mijn ICT organisatie vragen wat er aan de hand is? Ik zie bij ons alleen een leeg scherm…. Mijn qgis plugins kunnen niet geladen worden.

Groet, Erik

Op za 26 feb. 2022 om 08:37 schreef Richard Duivenvoorde < @.***>

Hi @Bandersnatch50 https://github.com/Bandersnatch50, mmm looking at the messages, I think your org is very strict/streng. Those rules seem to be set up for sites that need some security, but in the case of qgis.org we only serve plain old html no logins there(?). We are not a bank :-)

About the messages:

DNSSEC... we could probably enable this, but somebody has to dive into this. Are you familiar with it?

Indeed we run QGIS on a littel older server which may not have all newest cert stuff. Note that we use (an older) version of Letsencrypt, we set all the cyper stuff for us...

So my conclusion: yes they are right: we use older cypers which could be not secure enough if somebody wants to peek traffic or try to take over sessions or so, but as said we do not have logins for what I know? So at this moment we take a little risk I think... Time we dive into this...

— Reply to this email directly, view it on GitHub https://github.com/qgis/QGIS-Website/issues/977#issuecomment-1051762859, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARDQN5VGGWML2A7U6RMBH4LU5B7LPANCNFSM5PJ4XBIA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[rduivenvoorde]

Moving to github/english again :-)

I've asked for some budget to fix this, but meanwhile: please ask your ICT peeps to whitelist qgis.org and about some info about dnssec (which is for what I know not widely used yet???)

(atlhough your plugins come from plugins.qgis.org, a totallty other server... with other webserver things....)

And in the meanwhile: you could download the zip's of your desired plugins (either on another pc/network) via: plugins.qgis.org and then install via zip (it's an option in the plugin manager)?

[Bandersnatch50]

Als this other side is blocked. So I cannot download it…. Strange

I will ask the IT department.

Thank you, Erik

Op za 26 feb. 2022 om 09:10 schreef Richard Duivenvoorde < @.***>

Moving to github/english again :-)

I've asked for some budget to fix this, but meanwhile: please ask your ICT peeps to whitelist qgis.org and about some info about dnssec (which is for what I know not widely used yet???)

(atlhough your plugins come from plugins.qgis.org, a totallty other server... with other webserver things....)

And in the meanwhile: you could download the zip's of your desired plugins (either on another pc/network) via: plugins.qgis.org and then install via zip (it's an option in the plugin manager)?

— Reply to this email directly, view it on GitHub https://github.com/qgis/QGIS-Website/issues/977#issuecomment-1051803444, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARDQN5VMWWN5GEVFU6BD2XLU5CDIXANCNFSM5PJ4XBIA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[Bandersnatch50]

Maybe a hint. I also had problems with some sites from. Just van der Broecke and he solved his security things.

Maybe he can assist?

Regards, Erik

Op za 26 feb. 2022 om 09:16 schreef Bandersnatch < @.***>

Als this other side is blocked. So I cannot download it…. Strange

I will ask the IT department.

Thank you, Erik

Op za 26 feb. 2022 om 09:10 schreef Richard Duivenvoorde < @.***>

Moving to github/english again :-)

I've asked for some budget to fix this, but meanwhile: please ask your ICT peeps to whitelist qgis.org and about some info about dnssec (which is for what I know not widely used yet???)

(atlhough your plugins come from plugins.qgis.org, a totallty other server... with other webserver things....)

And in the meanwhile: you could download the zip's of your desired plugins (either on another pc/network) via: plugins.qgis.org and then install via zip (it's an option in the plugin manager)?

— Reply to this email directly, view it on GitHub https://github.com/qgis/QGIS-Website/issues/977#issuecomment-1051803444, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARDQN5VMWWN5GEVFU6BD2XLU5CDIXANCNFSM5PJ4XBIA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[Bandersnatch50]

I heard from our IT what the problem is.

The page is loaded from columbia (flare… something) it is blocked by our firewall. I think kind of caching.

Regards, Erik

Op ma 28 feb. 2022 om 10:06 schreef Bandersnatch < @.***>

Maybe a hint. I also had problems with some sites from. Just van der Broecke and he solved his security things.

Maybe he can assist?

Regards, Erik

Op za 26 feb. 2022 om 09:16 schreef Bandersnatch < @.***>

Als this other side is blocked. So I cannot download it…. Strange

I will ask the IT department.

Thank you, Erik

Op za 26 feb. 2022 om 09:10 schreef Richard Duivenvoorde < @.***>

Moving to github/english again :-)

I've asked for some budget to fix this, but meanwhile: please ask your ICT peeps to whitelist qgis.org and about some info about dnssec (which is for what I know not widely used yet???)

(atlhough your plugins come from plugins.qgis.org, a totallty other server... with other webserver things....)

And in the meanwhile: you could download the zip's of your desired plugins (either on another pc/network) via: plugins.qgis.org and then install via zip (it's an option in the plugin manager)?

— Reply to this email directly, view it on GitHub https://github.com/qgis/QGIS-Website/issues/977#issuecomment-1051803444, or unsubscribe https://github.com/notifications/unsubscribe-auth/ARDQN5VMWWN5GEVFU6BD2XLU5CDIXANCNFSM5PJ4XBIA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[rduivenvoorde]

@Bandersnatch50 duh, THAT is a lousy reason! So because the traffic (seems!) to come from a specific country: let's block it?

We indeed use Cloudflare (https://www.cloudflare.com/) to have a cache/protection in front of us. But it is really strange to block this (as it is used by A LOT of other sites world wide...).

No Christmas present for that office, I would say :-)

Closing this one then.