[saagarjha]

Isn't this the firewall itself rewriting request responses that happen to be from http://baidu.com? How is Baidu infected in this case, and what can they do to prevent this on their aside aside from strict HTTPS upgrades?

[toast0]

Strict HTTPS upgrades is probably warranted. Getting into the https preload list is easy (if your infrastructure is ready) and effective.

HTTPS has real costs, but if you're distributing javascript at high volumes you should pay them.

(Handling the ddos is harder when the target is https though... Can't know what the handshake is about until you've spent the cpu on handshaking)