Anyone have any ideas on how to force web connections to SSL on the server? I can't find any info, so I'm assuming this would be something that would have to be scripted into the login.html? Please let me know if you have any suggestions.
Thanks!
HTTP to HTTPS (SSL) Redirect?
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: HTTP to HTTPS (SSL) Redirect?
Yes, you are right. Just add the following javascript into the head of the file "webclient/login.html":
Code: Select all
<script>
if(location.href.indexOf('http://') != -1)
{
location = "https://YourServerIP/login.html";
}
</script>
-
- Posts: 2
- Joined: Mon May 23, 2011 5:26 pm
Re: HTTP to HTTPS (SSL) Redirect?
One note: the first line needed to be for it to work.
Thank you VERY much!
Code: Select all
<script language="javascript">
Thank you VERY much!
-
- Posts: 6
- Joined: Fri May 20, 2011 6:50 am
Re: HTTP to HTTPS (SSL) Redirect?
If you make that:
if(location.href.indexOf('http://') != -1) {
location = "https:" + location.href.substr(location.href.indexOf('http') +5);
}
it will work for multiple domains.
if(location.href.indexOf('http://') != -1) {
location = "https:" + location.href.substr(location.href.indexOf('http') +5);
}
it will work for multiple domains.
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: HTTP to HTTPS (SSL) Redirect?
Thanks for your sharing.
-
- Posts: 55
- Joined: Fri Aug 24, 2012 5:42 pm
Re: HTTP to HTTPS (SSL) Redirect?
Presumably with this solution you will need to continually update webclient/login.html after every upgrade of the software.
Alternatively you could (should?) look at doing this via the http server configuration.
I do this on linux using apache, by editing the /etc/httpd/conf/httpd.conf file, example shown below. You will find this at the end of the httpd.conf file:
(uncomment out this line)
NameVirtualHost *:80
(add this section)
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName http://www.yourservername.com" rel="nofollow
Redirect 301 / https://www.yourservername.com" rel="nofollow
</VirtualHost>
... then restart the httpd service.
This solution will redirect traffic regardless of the html file being served -- if traffic comes in via http it immediately gets redirected to https.
Alternatively you could (should?) look at doing this via the http server configuration.
I do this on linux using apache, by editing the /etc/httpd/conf/httpd.conf file, example shown below. You will find this at the end of the httpd.conf file:
(uncomment out this line)
NameVirtualHost *:80
(add this section)
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName http://www.yourservername.com" rel="nofollow
Redirect 301 / https://www.yourservername.com" rel="nofollow
</VirtualHost>
... then restart the httpd service.
This solution will redirect traffic regardless of the html file being served -- if traffic comes in via http it immediately gets redirected to https.
-
- Posts: 1
- Joined: Fri Jan 17, 2014 6:58 pm
Re: HTTP to HTTPS (SSL) Redirect?
This is a really bad idea!!! You should not implement http to https redirects as you are exposing yourself/users to man-in-the-middle (MITM) attacks, particularly anyone who uses sslstrip. See Moxie Marlinspike's discussion.
http://www.thoughtcrime.org/software/sslstrip/" rel="nofollow
http://www.thoughtcrime.org/software/sslstrip/" rel="nofollow
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: HTTP to HTTPS (SSL) Redirect?
From the version 4.6.3, WingFTP added a feature "HTTP to HTTPS redirect", you just need to enable the option "Domain > Settings > General Settings > Miscellaneous > Redirect HTTP to HTTPS automatically".