Almost three years ago
we wrote about using GitHub for providing a sort of HTTPS wrapper around our
StatusCake status pages. StatusCake does provide HTTPS status pages, but their free plan only offers URLs like
https://uptime.statuscake.com/?TestID=4TC8WjmZ8X and we wanted to use our own sub-domains like
https://status.hackthissite.org. Our domains use
HTTP Strict Transport Security (HSTS), which enforces HTTPS on all sub-domains, so our status page URLs would also require an HTTPS protocol. We originally used a VPS to serve the HTTPS status sub-domains (first as a redirect and later as a frame), which created a single point of failure. So we switched to using
GitHub Pages (which we described in a
prior blog post). This was fine for some time, but then web browsers received updates that eventually broke this.
The main problem was that we were using frames to load the StatusCake status pages. We lacked control over what HTTP response headers GitHub would send, including cache settings and
Cross-origin resource sharing (CORS), so updating these frames to support modern standards across common browsers and extensions proved to be challenging. But we also lacked visibility. GitHub pages do not provide any statistics. Frames were just too much of a hassle and we wanted traffic insights, so a new solution was needed.
Enter:
Redirect.Pizza
There are many redirection services out there. In fact most domain registrars offer this. But almost none of them provide HTTP
S redirects, which conflicts with HTTP Strict Transport Security, and fewer still provide any visibility.
Redirect.Pizza has all of these features, especially HTTPS redirects and aggregate analytics, and can even provide frames if we ever wanted to return to that model. It also supports a lot of
other features that we could use, such as variable redirect URLs, URI and query string forwarding, and an API.
Of course, we could have returned to using a VPS again or used something like AWS CloudFront to provide HTTPS redirects, but these have their own downsides including a lot of costing money that
we simply do not have. Instead we partnered with
Redirect.Pizza because they provided all of the features we need (and more) with a very straightforward configuration and
aggregate analytics (they don't track individual users but rather overall stats by URL and country).
This is now live for all of our status pages, which you can find below:
Finally, we want to send a big thank you to the
Enflow team (the makers of
Redirect.Pizza) for partnering with and supporting HackThisSite! Partnerships like this keep HackThisSite online and enable us to continue providing our ethical hacking playground for new generations of security experts. If you would like to support HackThisSite, you can always
donate to us, or reach out to us on
Twitter or
by email if you would like to partner with us, too.