LinuxQuestions.org - [SOLVED] redirecting 80/tcp to 443/tcp using iptables

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - redirecting 80/tcp to 443/tcp using iptables (https://www.linuxquestions.org/questions/linux-security-4/redirecting-80-tcp-to-443-tcp-using-iptables-825521/)

redirecting 80/tcp to 443/tcp using iptables

I am running apache2 with a virtualhost setup with SSL. connections to the virtual host using https works and I can access my page.

By default I want all incoming connections to the vhost on 80/tcp to be rerouted to 443/tcp.

I've used the following command to achieve the desired result:

iptables -t nat -A PREROUTING -p tcp -i eth_s0_0 --dport 80 -j DNAT --to-destination 192.168.16.200:443

When a client connects to the vhost on port 80 it shows HTTP error 400.

Why is it doing this and how do I resolve the problem?

Thanks guys

Ricardo

Hi

Both the browser and the server will be confused by this. The browser sends a HTTP request, the server then gets an invalid HTTPS request, so it's not strange you get HTTP error 400 (bad request).

Instead, use mod_rewrite on the Apache server to force HTTPS. Something like:

RewriteCond %{SERVER_PORT}!^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]

I got it working using the following parameters inside the vhost config:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://webmail.mydomain.com

Thanks for the help!