LinuxQuestions.org
12-14-2007, 09:59 AM   #1
baboow (LQ Newbie; Registered: Oct 2007; Posts: 11)

redirecting https web page to http internal website

I have a website that has a login form for employees. This is https. Once they log in, a button appears that they click and that redirects them to the intranet website. This all works when using http.

I've tried to redirect the button link to port 80 but that did not work. I get server not found.

I am hoping some of you knowledgeable people could point me in the right direction. Net searches turn up http to https, but nothing going from https to http.

Thanks for any help.
 
12-15-2007, 08:18 PM   #2
dkm999 (Member; Registered: Nov 2006; Location: Seattle, WA; Distribution: Fedora; Posts: 407)

When you change protocol, you will need to specify explicitly in your link target that you want the client redirected to http://your.internal.site/somepage.html. Trying to do this via a link of the form your.internal.site/somepage.html:80 will result in the user's browser trying to speak HTTPS over port 80, which is almost certainly not what you want.

As a secondary consideration, I hope you have some (relatively) secure way of passing along the fact that the user has actually signed in successfully; otherwise a user could just point his browser explicitly to the internal website, and connect without ever visiting your login site. Such a mechanism would have to pass along some sort of token that would be accepted by the internal web server as evidence of the login, but which was (extremely) hard for a user to forge.

The only scheme that comes to mind for this is a database on the login server that will verify on each web access request that user foo, represented by encrypted token bar and originating at IP address x.x.x.x, is a legitimate user. The encrypted login token can be passed back and forth between the client's browser and the internal server (and between that server and the login server), provided the encryption covers not only the password, but also the IP of the request and maybe the time of login. This login token can be created by the login server, and passed back to the browser, as well as being stored in the login server's database. That way, an eavesdropper would have a pretty hard time of it even if he obtained the encrypted token, since he would have to break the encryption, substitute his own IP, and re-encrypt before some reasonable timeout (say 15 minutes) had elapsed. Every time the login server is asked to validate a login token, then it should reset the timeout. If it ever receives an invalid token, it should invalidate any saved login data for the IP address from which it originated. You get the idea.
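
The token scheme described in post #2, as an added example that is not part of the original thread. It substitutes an HMAC over user, IP and login time for the encryption the post mentions, and an in-memory dict for the login server's database; `LoginServer`, `issue` and `validate` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

TIMEOUT = 15 * 60  # sliding timeout in seconds (the 15 minutes suggested above)


class LoginServer:
    """Hypothetical login server; a dict stands in for its database."""

    def __init__(self, key=None, clock=time.time):
        self.key = key or secrets.token_bytes(32)  # secret never leaves this server
        self.clock = clock
        self.sessions = {}  # token -> [user, ip, expires_at]

    def _mac(self, user, ip, login_time, nonce):
        # The MAC covers user, client IP and login time, so none can be swapped.
        msg = "\x00".join([user, ip, str(login_time), nonce]).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, user, ip):
        """Call after a successful HTTPS login; returns the token for the browser."""
        login_time, nonce = int(self.clock()), secrets.token_hex(16)
        token = f"{login_time}.{nonce}.{self._mac(user, ip, login_time, nonce)}"
        self.sessions[token] = [user, ip, self.clock() + TIMEOUT]
        return token

    def validate(self, token, ip):
        """Called by the internal server on each request; returns user or None."""
        record = self.sessions.get(token)
        if record is None:
            return self._reject(ip)                  # unknown or forged token
        user, _, expires_at = record
        login_time, nonce, mac = token.split(".")
        if not hmac.compare_digest(mac, self._mac(user, ip, login_time, nonce)):
            return self._reject(ip)                  # token presented from another IP
        if self.clock() > expires_at:
            del self.sessions[token]                 # idle too long: log in again
            return None
        record[2] = self.clock() + TIMEOUT           # each valid check resets the timer
        return user

    def _reject(self, ip):
        # Invalid token: drop all saved login data for the originating IP.
        self.sessions = {t: r for t, r in self.sessions.items() if r[1] != ip}
        return None
```

Because the internal site is plain HTTP, the token is readable on the wire; the IP binding and timeout narrow its reuse but cannot distinguish two clients that share one address.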
 
12-17-2007, 09:27 AM   #3
baboow (LQ Newbie; Registered: Oct 2007; Posts: 11; Original Poster)

dkm999: thanks for the reply. Sorry it took so long to acknowledge your post. I forgot my password.

Yes, I am aware of how to do a redirect but it is still not working. I am in the process of building a dmz and this will fix issues.

Thank you again for taking the time to reply and having some substance to your reply. It is greatly appreciated.

All times are GMT -5.