HTTP to HTTPS (SSL) Redirect?

Please post here if you have problems in using Wing FTP Server.


Post by andersonit » Mon May 23, 2011 5:47 pm

Anyone have any ideas on how to force web connections to SSL on the server? I can't find any info, so I'm assuming this would be something that would have to be scripted into the login.html? Please let me know if you have any suggestions.
Thanks!
andersonit
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by FTP » Tue May 24, 2011 4:04 am

Yes, you are right. Just add the following javascript into the head of the file "webclient/login.html":

Code:
<script>
if(location.href.indexOf('http://') != -1)
{
   location = "https://YourServerIP/login.html";
}
</script>
FTP
Site Admin
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by andersonit » Wed May 25, 2011 3:16 pm

One note: the first line needed to be
Code:
<script language="javascript">
for it to work.
Thank you VERY much!
andersonit
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by storm » Sat Aug 11, 2012 9:51 am

If you make that:

if(location.href.indexOf('http://') != -1) {
location = "https:" + location.href.substr(location.href.indexOf('http') +5);
}

it will work for multiple domains.
storm
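
For the client-side snippets in the posts above, an added example (not from the thread or from Wing FTP) that decides on the parsed URL scheme and maps the port explicitly, next to the thread's substring version as a pure function. A URL that is already HTTPS but carries `http://` in its query string is mangled by the substring rewrite, and a non-default HTTP port is carried over unchanged. The names `threadRewrite`, `httpsTarget`, `HTTPS_PORT` and the sample URLs are constructed for illustration.

```javascript
// Added example, not Wing FTP code. HTTPS_PORT is an assumption: set it to
// the port your HTTPS listener actually uses.
const HTTPS_PORT = 443;

// The check and rewrite from the posts above, as a pure function so its
// behaviour can be compared on sample URLs.
function threadRewrite(href) {
  if (href.indexOf('http://') !== -1) {
    return 'https:' + href.substr(href.indexOf('http') + 5);
  }
  return null;
}

// Decide from the parsed scheme, not from a substring of the whole URL,
// and map the port explicitly. Returns null when no redirect is needed.
function httpsTarget(href, httpsPort = HTTPS_PORT) {
  const url = new URL(href); // throws on malformed input
  if (url.protocol !== 'http:') {
    return null; // already HTTPS: leave the page alone
  }
  url.protocol = 'https:';
  url.port = httpsPort === 443 ? '' : String(httpsPort);
  return url.href;
}

// Constructed sample URLs (not from the thread).
const samples = [
  'http://ftp.example.com/login.html',
  'http://ftp.example.com:8080/login.html?lang=en',
  'https://ftp.example.com/login.html?next=http://a.example/',
];

function compare() {
  return samples.map((href) => ({
    href,
    thread: threadRewrite(href),
    parsed: httpsTarget(href),
  }));
}

// In a browser, run the redirect; replace() keeps the HTTP URL out of history.
if (typeof location !== 'undefined') {
  const target = httpsTarget(location.href);
  if (target) location.replace(target);
}
```

Either version runs only after login.html has already been fetched over plain HTTP.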
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by FTP » Mon Aug 13, 2012 8:37 am

Thanks for sharing.
FTP
Site Admin
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by eordona » Fri Aug 24, 2012 5:59 pm

Presumably with this solution you will need to continually update webclient/login.html after every upgrade of the software.

Alternatively you could (should?) look at doing this via the http server configuration.

I do this on Linux using Apache, by editing the /etc/httpd/conf/httpd.conf file, example shown below. You will find this at the end of the httpd.conf file:

(uncomment this line)
NameVirtualHost *:80

(add this section)
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName http://www.yourservername.com
# Trailing slash on the target so that /path is redirected to https://www.yourservername.com/path
Redirect 301 / https://www.yourservername.com/
</VirtualHost>

... then restart the httpd service.

This solution will redirect traffic regardless of the html file being served -- if traffic comes in via http it immediately gets redirected to https.
eordona
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by Buzzed » Fri Jan 17, 2014 7:00 pm

This is a really bad idea!!! You should not implement http to https redirects as you are exposing yourself/users to man-in-the-middle (MITM) attacks, particularly anyone who uses sslstrip. See Moxie Marlinspike's discussion.

http://www.thoughtcrime.org/software/sslstrip/
Buzzed
 

Re: HTTP to HTTPS (SSL) Redirect?

Post by FTP » Thu Mar 10, 2016 12:31 pm

As of version 4.6.3, WingFTP has an "HTTP to HTTPS redirect" feature; you just need to enable the option "Domain > Settings > General Settings > Miscellaneous > Redirect HTTP to HTTPS automatically".
FTP
Site Admin
 

