Page 1 of 1

HTTP to HTTPS (SSL) Redirect?

PostPosted: Mon May 23, 2011 5:47 pm
by andersonit
Anyone have any ideas on how to force web connections to SSL on the server? I can't find any info, so I'm assuming this would be something that would have to be scripted into the login.html? Please let me know if you have any suggestions.
Thanks!

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Tue May 24, 2011 4:04 am
by FTP
Yes, you are right. Just add the following javascript into the head of the file "webclient/login.html":

Code: Select all
<script>
if(location.href.indexOf('http://') != -1)
{
   location = "https://YourServerIP/login.html";
}
</script>

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Wed May 25, 2011 3:16 pm
by andersonit
One note: the first line needed to be
Code: Select all
<script language="javascript">
for it to work.
Thank you VERY much!

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Sat Aug 11, 2012 9:51 am
by storm
If you make that:

if(location.href.indexOf('http://') != -1) {
location = "https:" + location.href.substr(location.href.indexOf('http') +5);
}

it will work for multiple domains.

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Mon Aug 13, 2012 8:37 am
by FTP
Thanks for your sharing.

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Fri Aug 24, 2012 5:59 pm
by eordona
Presumably with this solution you will need to continually update webclient/login.html after every upgrade of the software.

Alternatively you could (should?) look at doing this via the http server configuration.

I do this on linux using apache, by editing the /etc/httpd/conf/httpd.conf file, example shown below. You will find this at the end of the httpd.conf file:

(uncomment out this line)
NameVirtualHost *:80

(add this section)
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName http://www.yourservername.com
Redirect 301 / https://www.yourservername.com
</VirtualHost>

... then restart the httpd service.

This solution will redirect traffic regardless of the html file being served -- if traffic comes in via http it immediately gets redirected to https.

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Fri Jan 17, 2014 7:00 pm
by Buzzed
This is a really bad idea!!! You should not implement http to https redirects as you are exposing yourself/users to man-in-the-middle (MITM) attacks, particularly anyone who uses sslstrip. See Moxie Marlinspike's discussion.

http://www.thoughtcrime.org/software/sslstrip/

Re: HTTP to HTTPS (SSL) Redirect?

PostPosted: Thu Mar 10, 2016 12:31 pm
by FTP
From the version 4.6.3, WingFTP added a feature "HTTP to HTTPS redirect", you just need to enable the option "Domain > Settings > General Settings > Miscellaneous > Redirect HTTP to HTTPS automatically".