You could do it that way but the safer method (so those who don't realize they need to use https) would be to create an index.html page that would redirect them to the https page - that way if they were to use http instead of https they would still end up in the right place using ssl....
No, disabling port 80 will just make people complain because they can't connect to your server. You need to redirect them to the https site on port 433.
Creating an index.html to redirect them, as gmckinney suggested, is probably the easiest way to do that.
This system is to be used within a WAN and we set up all the machines. These machines are not allowed to communicate through HTTP at all and the users know it.
Is there a more drastic way to make the default HTTPS and to ensure no machine is able to use HTTP?
Hmmm - Since you are wanting to limit the target machines to ONLY https (port 443) you would have to change the settings on the web browsers to only use https. You will need to dig into the docs for the web browser used to see how that is accomplished (in Windows there is a registry setting to state what the default port to use is BUT it can be bypassed!).
A second method would be to put a firewall at either the local WAN end or remote WAN end with firewall rules that would redirect all port 80 traffic to port 443. Again - depending on the firewall used (and it could be done in Linux with iptables).
A third method would be to set up a machine as a proxy server - then configure the proxy server to translate all http requests to https requests. You would need to configure the client machines to point to the proxy server for web browsing and lock down the machines so the client cannot change the proxy settings in the browser...
One caveat to forcing all http traffic to https - if there is ever a need to use http on the client machines then they will not be able to do so easily unless you do use a firewall with specific target host machines targeted for https only. If this is the case it is much simpler to just have the host machine redirect the browser to https...
Just some thoughts early in the morning on the first cup of coffee...
Surely it will be simpler to re-configure a few http servers to re-direct http connections to https rather than statically configure all the clients??
Just port forwarding a normal http request to port 443 will not work because the client will not know that it is trying to negotiate with an https server. However, if you send the https re-directs back then it will know to do the proper ssl/tls handshaking before sending its http request.
The proxy server suggestion could work but is no less complicated than the re-direction ploy that I see used on most https sites I have come across on the web.
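
The point made in the last post, as an added example that is not part of the thread: a client that was given an http:// URL sends plain-text HTTP, which a TLS listener on 443 cannot read as a handshake, whereas a 301 from the port-80 listener makes the client reconnect with TLS. The host name `intranet.example` and the names `looks_like_tls`, `RedirectToHTTPS` and `demo_redirect` are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CANONICAL_HOST = "intranet.example"  # assumed name of the HTTPS site


def looks_like_tls(first_bytes: bytes) -> bool:
    """True if the bytes start a TLS handshake record (type 0x16, version 0x03xx)."""
    return len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


class RedirectToHTTPS(BaseHTTPRequestHandler):
    """Port-80 listener: serves no content, only sends clients to https."""

    def _redirect(self):
        # Fixed host name rather than the client's Host header, so a request
        # cannot steer where the redirect points.
        self.send_response(301)
        self.send_header("Location", f"https://{CANONICAL_HOST}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _redirect

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo_redirect(path="/reports?id=7"):
    """Run the redirector on a free loopback port; return (status, Location)."""
    server = HTTPServer(("127.0.0.1", 0), RedirectToHTTPS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    # Constructed samples: what a 443 listener would see as the first bytes.
    print(looks_like_tls(b"GET / HTTP/1.1\r\n"))     # http request forwarded to 443
    print(looks_like_tls(bytes.fromhex("160301")))   # start of a TLS ClientHello
    print(demo_redirect())
```

The redirected request has already crossed the network in clear text once, so the redirect complements a firewall rule for clients that must never send HTTP; it does not replace one.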