The Rewrite Engine Rule in the sample apache configuration ( https://github.com/grnet/zeus/blob/master/conf/apache2_zeus#L29 ) does not redirect to https if the user is visiting /server-status/*.
This can allow an attacker in a privileged network position (MITM) to spoof the entire page and execute malicious JavaScript to a user visiting the page, access all cookies not marked as secure and change the page content for phishing / malware installation.
You are encouraged to add https to all pages regardless of content to avoid the above and similar attacks.
The Rewrite Engine Rule in the sample apache configuration ( https://github.com/grnet/zeus/blob/master/conf/apache2_zeus#L29 ) does not redirect to https if the user is visiting
/server-status/*.This can allow an attacker in a privileged network position (MITM) to spoof the entire page and execute malicious JavaScript to a user visiting the page, access all cookies not marked as secure and change the page content for phishing / malware installation.
You are encouraged to add https to all pages regardless of content to avoid the above and similar attacks.