HTTP to HTTPS (SSL) Redirect?

Please post here if you have problems in using Wing FTP Server.

HTTP to HTTPS (SSL) Redirect?

Postby andersonit » Mon May 23, 2011 5:47 pm

Anyone have any ideas on how to force web connections to SSL on the server? I can't find any info, so I'm assuming this would be something that would have to be scripted into the login.html? Please let me know if you have any suggestions.
Thanks!
andersonit
 
posts 2
 
joined Mon May 23, 2011 5:26 pm

Re: HTTP to HTTPS (SSL) Redirect?

Postby FTP » Tue May 24, 2011 4:04 am

Yes, you are right. Just add the following javascript into the head of the file "webclient/login.html":

Code:
<script>
// Redirect only when the page itself was loaded over plain HTTP.
if (location.protocol == 'http:')
{
   // Replace YourServerIP with the server's address.
   location = "https://YourServerIP/login.html";
}
</script>
FTP
Site Admin
 
posts 1200
 
joined Tue Sep 29, 2009 6:09 am

Re: HTTP to HTTPS (SSL) Redirect?

Postby andersonit » Wed May 25, 2011 3:16 pm

One note: the first line needed to be
Code:
<script language="javascript">
for it to work.
Thank you VERY much!
andersonit
 
posts 2
 
joined Mon May 23, 2011 5:26 pm

Re: HTTP to HTTPS (SSL) Redirect?

Postby storm » Sat Aug 11, 2012 9:51 am

If you make that:

if (location.protocol == 'http:') {
   // Keep the current host, path and query; change only the scheme.
   location = "https:" + location.href.substring(location.protocol.length);
}

it will work for multiple domains.
storm
 
posts 6
 
joined Fri May 20, 2011 6:50 am

Re: HTTP to HTTPS (SSL) Redirect?

Postby FTP » Mon Aug 13, 2012 8:37 am

Thanks for sharing.
FTP
Site Admin
 
posts 1200
 
joined Tue Sep 29, 2009 6:09 am

Re: HTTP to HTTPS (SSL) Redirect?

Postby eordona » Fri Aug 24, 2012 5:59 pm

Presumably with this solution you will need to continually update webclient/login.html after every upgrade of the software.

Alternatively you could (should?) look at doing this via the http server configuration.

I do this on linux using apache, by editing the /etc/httpd/conf/httpd.conf file, example shown below. You will find this at the end of the httpd.conf file:

(uncomment this line)
NameVirtualHost *:80

(add this section)
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName http://www.yourservername.com
# Trailing slash on the target so that /path is redirected to https://www.yourservername.com/path
Redirect 301 / https://www.yourservername.com/
</VirtualHost>

... then restart the httpd service.

This solution will redirect traffic regardless of the html file being served -- if traffic comes in via http it immediately gets redirected to https.
eordona
 
posts 17
 
joined Fri Aug 24, 2012 5:42 pm

Re: HTTP to HTTPS (SSL) Redirect?

Postby Buzzed » Fri Jan 17, 2014 7:00 pm

This is a really bad idea!!! You should not implement http to https redirects as you are exposing yourself/users to man-in-the-middle (MITM) attacks, particularly anyone who uses sslstrip. See Moxie Marlinspike's discussion.

http://www.thoughtcrime.org/software/sslstrip/
Buzzed
 
posts 1
 
joined Fri Jan 17, 2014 6:58 pm
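
The server-side, multi-domain redirect discussed in this thread, written for Node.js as an added example (not code from any poster or from Wing FTP Server). It builds the HTTPS target from the Host header only when that host is on an allowlist, so the redirect cannot be pointed at a foreign site, and it shows the Strict-Transport-Security response header, which the thread does not cover but which lets returning browsers skip the plaintext request behind the sslstrip concern. The host names, function names and max-age value are assumptions.

```javascript
// Added example, not code from the thread. Host names below are constructed.
const ALLOWED_HOSTS = new Set(['ftp.example.com', 'files.example.org']);

// Sent on HTTPS responses only; tells returning browsers to skip plain HTTP.
const HSTS_VALUE = 'max-age=31536000';

// Return the HTTPS URL for a plaintext request, or null if the Host header
// is missing, malformed, or not a name this server answers to.
function httpsTarget(hostHeader, path, allowed = ALLOWED_HOSTS) {
  if (typeof hostHeader !== 'string') return null;
  // Normalise case and drop an optional ":port" (HTTPS is assumed on 443).
  const host = hostHeader.trim().toLowerCase().replace(/:\d+$/, '');
  if (!/^[a-z0-9.-]+$/.test(host) || !allowed.has(host)) return null;
  // Keep path and query only in origin form ("/..."); anything else becomes "/".
  const ok = typeof path === 'string' && path.startsWith('/') && !/[\r\n]/.test(path);
  return 'https://' + host + (ok ? path : '/');
}

// Handler for the port-80 listener: http.createServer(redirectHandler).listen(80)
function redirectHandler(req, res) {
  const target = httpsTarget(req.headers.host, req.url);
  if (target === null) {
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('Bad Request');
    return;
  }
  // 301 with no body: no page content is ever served over plaintext.
  res.writeHead(301, { Location: target });
  res.end();
}

// Wrapper for the HTTPS listener's handler: adds HSTS to every response.
function withHsts(handler) {
  return (req, res) => {
    res.setHeader('Strict-Transport-Security', HSTS_VALUE);
    handler(req, res);
  };
}

// Constructed requests: [Host header, request target]
for (const [h, p] of [
  ['ftp.example.com', '/login.html?lang=en'],
  ['FILES.example.org:80', '/'],
  ['attacker.example', '/login.html'],
  ['ftp.example.com', 'http://attacker.example/'],
]) console.log(h, p, '->', httpsTarget(h, p));
```
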

