Summary of URLs for use with Club Log


  1. The correct URL for all web site, iFrames and API requests is: 

    https://clublog.org/

  2. The correct URL for all static content (e.g. cty.xml) is: 

    https://cdn.clublog.org/


Breaking changes


Since APIs were added to Club Log, a number of changes have happened which potentially break pre-existing integrations. Here is a brief summary:


HTTP and weak ciphers - 2017


Prior to 2017, Club Log was accessible using HTTP or HTTPS. After that time, we switched to strictly HTTPS only, in line with best practice. Additionally, in 2018, we removed support for weak ciphers, at which time Windows XP could no longer connect (without significant effort). Windows XP was already out of support from Microsoft as of 2014.


Legacy URLs (secure.clublog.org etc) - 2018


In 2018, URLs such as https://secure.clublog.org and https://www.clublog.org/ were replaced with https://clublog.org


Content Delivery Network enforced - 2019


In 2019, Cloudflare was introduced to provide a content delivery network (CDN) for Club Log's static content. This is particularly important for files like cty.xml, a large document describing DXCC entities and exceptions which evolves daily and is therefore downloaded thousands of times a day by individual DXers via their logbook software. In order to ensure that access to static content only occurs via the CDN, the URL https://cdn.clublog.org/ was introduced, and later enforced (i.e. other routes to static content were actively blocked with an error message).


Reactive Firewall - 2020


In 2020, in response to active attempts to disrupt Club Log by politically-motivated parties (e.g. during Russian DXpeditions), Club Log introduced a reactive firewall. Patterns of bad traffic, especially scans, probes for passwords and attempts to forcibly consume resources, are all actively monitored. IP addresses and entire netblocks are firewalled upstream for variable amounts of time, as needed.


Note that users who repeatedly present bad credentials to Club Log (e.g. misconfigured real-time uploads) will also tend to be caught up in active firewalling. If you are a developer building a product which integrates with Club Log, please ensure you handle HTTP error code 403 by disabling real-time logging immediately.


Legacy URLs cease to exist (secure.clublog.org etc) - 2022


Support for the legacy URLs was finally dropped from DNS records in December 2022 as certificates expired. As of 2023, any integration still using the legacy URLs stopped working until references to the old URLs were replaced with https://clublog.org/ (see top of page). This change caused disruption, but allowed for significant simplification of network routes and web server configuration (consider for example that POST requests cannot be redirected using HTTP 301 redirects, and that API clients may not be showing the end user any errors).