VomSupport
Redirect all port 80 traffic to 443 using firewall
Centos 7 using firewalld
I am trying to redirect all requests to port 80 to port 443. Otherwise http to https.
I have added this rule forward-ports: port=80:proto=tcp:toport=443:toaddr=
But it doesn't seem to work
noci is correct. There is much more involved in successfully redirecting an insecure port 80 HTTP request to a secure port 443 HTTPS request than simply redirecting a packet.
Redirecting the packet would not create the desired effect even if it worked. The browser would be convinced that it is talking to an HTTP server and not an HTTPS server, and since the preceding TLS negotiation never occurred, the response from the web server would be unintelligible.
Much easier and more effective to use a mod_rewrite or .htaccess rule to do the job. This gets discussed here about twice a week and there are numerous examples of how to do it, for both Apache and IIS.
And all the other webservers like nginx, lighttpd, hiawatha, h2o, adsf, boa, caddy, cherokee, civetweb etc. etc.
A very bad idea to attempt doing this at any network layer outside your Webserver.
You'll likely lose hours of your life debugging + have to eventually switch to Webserver redirects anyway... to get 100% stability with this...
Just do a simple redirect in your Apache config file for your site.
Simple Apache template I use for sites...
<VirtualHost *:80>
    ServerName www.WEBSITE
    ServerAdmin support@WEBSITE
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
    RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [NC,L,R=302]
    Include logging.conf
</VirtualHost>

<VirtualHost *:80>
    ServerName WEBSITE
    ServerAdmin support@WEBSITE
    RewriteEngine on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NC,L,R=302]
    Include logging.conf
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName www.WEBSITE
        ServerAdmin support@WEBSITE
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
        RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=302]
        Include logging.conf
        SSLEngine on
        SSLUseStapling on
        SSLCertificateFile /etc/letsencrypt/live/WEBSITE/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/WEBSITE/privkey.pem
        # Enable HTTP Strict Transport Security with a 2 year duration
        Header always set Strict-Transport-Security "max-age=63072000; preload"
    </VirtualHost>

    <VirtualHost *:443>
        ServerName WEBSITE
        ServerAdmin support@WEBSITE
        DocumentRoot /sites/OWNER/WEBSITE/TYPE
        <Directory /sites/OWNER/WEBSITE/TYPE>
            Options +Indexes +FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
        Include logging.conf
        SSLEngine on
        SSLUseStapling on
        SSLCertificateFile /etc/letsencrypt/live/WEBSITE/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/WEBSITE/privkey.pem
        # Enable HTTP Strict Transport Security with a 2 year duration
        Header always set Strict-Transport-Security "max-age=63072000; preload"
    </VirtualHost>
</IfModule>
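
One way to confirm that a port-80 listener really answers with a web-server redirect like the template above, added here as an example and not part of the original answer. The stub server, the `check_redirect` and `demo` names and the `example.test` hostnames are constructed for illustration; the stub only imitates the two port-80 virtual hosts so the check can run offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


class RedirectStub(BaseHTTPRequestHandler):
    """Constructed stand-in for the port-80 vhosts: 302 to https, 'www.' dropped."""

    def do_HEAD(self):
        host = self.headers.get("Host", "").split(":")[0]
        if host.lower().startswith("www."):
            host = host[4:]
        self.send_response(302)
        self.send_header("Location", f"https://{host}{self.path}")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def check_redirect(addr, port, host_header, path, expected_host):
    """Send one plain-HTTP HEAD (redirects not followed) and report what came back."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.request("HEAD", path, headers={"Host": host_header})
        resp = conn.getresponse()
        target = urlsplit(resp.getheader("Location", ""))
    finally:
        conn.close()
    kept = target.path + ("?" + target.query if target.query else "")
    return {
        "status": resp.status,
        "is_redirect": resp.status in (301, 302, 307, 308),
        "to_https": target.scheme == "https",      # client is told to start over with TLS
        "host_ok": target.hostname == expected_host,  # lands on the canonical name
        "path_kept": kept == path,                  # path and query survive the redirect
    }


def demo():
    server = HTTPServer(("127.0.0.1", 0), RedirectStub)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return check_redirect("127.0.0.1", port, "www.example.test", "/a/b?x=1", "example.test")
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `check_redirect` at a real server's address and port 80 performs the same check against the live configuration; a packet-level forward to 443 would not produce a 3xx response with an `https://` Location at all.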
You need an instruction for your webserver to upgrade the http traffic (if it arrives on port 80) to https (on port 443).
That also requires the client to make a different request, one that does an SSL setup, which is far more involved than a plain TCP setup.