I’ve just created a new website which has optional sign-in capability. Avast is blocking use of the sign-in URL. The URL is of the following form: http://domain.name/webtrees/login.php?url=index.php%3Fctype%3Dgedcom%26ged%3Dtree1
Oddly, there was no problem for a little while then all of a sudden it won’t allow connection. Seems like Avast must have learned something it didn’t like. But what could it be? The only thing I can see that might be odd is that I’m using HTTP rather than HTTPS. However, that is intended and necessary.
I can circumvent the problem by turning off Avast or even abandoning Avast all together but I can’t tell what kind of anti-virus my users might have and prefer not to get involved in diagnosing their problem.
Bottom line is that Avast ought not be blocking this site.
I hope there is a simple explanation that I’ve simply failed to recognize. What might that be?
I tried to capture the requested screen shot but that also seems to be something that doesn’t work with Avast. The screen that pops up seems not to ever get focus or allow me to select it for focus so when screen shot is selected I get the error from the browser saying it cannot connect to the website.
Maybe I need some instruction on how to take screen shots for such windows but it doesn’t really say anything more than what I’ve said. It says “Threat Detected” and identified my perfectly legitimate URL.
My theory is that it is objecting to logon being performed with HTTP rather than HTTPS. While it is quite normal for logon pages to be invoked using HTTP they usually redirect to a port (443) that uses HTTPS. This may explain why it worked a few times before objecting because it had to learn that the logon never went to a secure port. With that said, I’d have to admit that I cannot think of a good criteria for it to use in determining the scenario I mentioned.