Almost three years ago we wrote about using GitHub for providing a sort of HTTPS wrapper around our StatusCake status pages. StatusCake does provide HTTPS status pages, but their free plan only offers URLs like https://uptime.statuscake.com/?TestID=4TC8WjmZ8X and we wanted to use our own sub-domains like https://status.hackthissite.org. Our domains use HTTP Strict Transport Security (HSTS), which enforces HTTPS on all sub-domains, so our status page URLs would also require an HTTPS protocol. We originally used a VPS to serve the HTTPS status sub-domains (first as a redirect and later as a frame), which created a single point of failure. So we switched to using GitHub Pages (which we described in a prior blog post). This was fine for some time, but then web browsers received updates that eventually broke this.
The main problem was that we were using frames to load the StatusCake status pages. We lacked control over what HTTP response headers GitHub would send, including cache settings and Cross-origin resource sharing (CORS), so updating these frames to support modern standards across common browsers and extensions proved to be challenging. But we also lacked visibility. GitHub pages do not provide any statistics. Frames were just too much of a hassle and we wanted traffic insights, so a new solution was needed.
Enter: Redirect.Pizza
There are many redirection services out there. In fact most domain registrars offer this. But almost none of them provide HTTPS redirects, which conflicts with HTTP Strict Transport Security, and fewer still provide any visibility. Redirect.Pizza has all of these features, especially HTTPS redirects and aggregate analytics, and can even provide frames if we ever wanted to return to that model. It also supports a lot of other features that we could use, such as variable redirect URLs, URI and query string forwarding, and an API.
Of course, we could have returned to using a VPS again or used something like AWS CloudFront to provide HTTPS redirects, but these have their own downsides including a lot of costing money that we simply do not have. Instead we partnered with Redirect.Pizza because they provided all of the features we need (and more) with a very straightforward configuration and aggregate analytics (they don't track individual users but rather overall stats by URL and country).
This is now live for all of our status pages, which you can find below:
- https://status.hackthissite.org
- https://status.htscdn.org
- https://status.hts.io
- https://status.cryptopaste.org
Finally, we want to send a big thank you to the Enflow team (the makers of Redirect.Pizza) for partnering with and supporting HackThisSite! Partnerships like this keep HackThisSite online and enable us to continue providing our ethical hacking playground for new generations of security experts. If you would like to support HackThisSite, you can always donate to us, or reach out to us on Twitter or by email if you would like to partner with us, too.