I've noticed by default Untangle presents a login prompt via HTTPS with external administration disabled. While logging in doesn't present the user with any administrative options, is there a reason to respond to HTTPS at all when external administration is disabled? Aside from inviting login attempts, I've found a few sites using Untangle where this causes the Untangle login to appear when mistakenly using HTTPS instead of HTTP when accessing the naked domain name. In fact, you can find some of these via Google where they've indexed the login page (though I must admit I haven't looked to see if robots.txt is configured to prevent this.) I was going to file this as a bug, but I thought I'd ask first if there is an explanation for it I may be overlooking.