HTTP to HTTPS (SSL) Redirect?

Please post here if you have problems in using Wing FTP Server.
Post Reply
andersonit
Posts: 2
Joined: Mon May 23, 2011 5:26 pm

HTTP to HTTPS (SSL) Redirect?

Post by andersonit »

Anyone have any ideas on how to force web connections to SSL on the server? I can't find any info, so I'm assuming this would be something that would have to be scripted into the login.html? Please let me know if you have any suggestions.
Thanks!
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: HTTP to HTTPS (SSL) Redirect?

Post by FTP »

Yes, you are right. Just add the following javascript into the head of the file "webclient/login.html":

Code: Select all

<script>
if(location.href.indexOf('http://') != -1)
{
   location = "https://YourServerIP/login.html";
}
</script>
andersonit
Posts: 2
Joined: Mon May 23, 2011 5:26 pm

Re: HTTP to HTTPS (SSL) Redirect?

Post by andersonit »

One note: the first line needed to be

Code: Select all

<script language="javascript">
for it to work.
Thank you VERY much!
storm
Posts: 6
Joined: Fri May 20, 2011 6:50 am

Re: HTTP to HTTPS (SSL) Redirect?

Post by storm »

If you make that:

if(location.href.indexOf('http://') != -1) {
location = "https:" + location.href.substr(location.href.indexOf('http') +5);
}

it will work for multiple domains.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: HTTP to HTTPS (SSL) Redirect?

Post by FTP »

Thanks for your sharing.
eordona
Posts: 55
Joined: Fri Aug 24, 2012 5:42 pm

Re: HTTP to HTTPS (SSL) Redirect?

Post by eordona »

Presumably with this solution you will need to continually update webclient/login.html after every upgrade of the software.

Alternatively you could (should?) look at doing this via the http server configuration.

I do this on linux using apache, by editing the /etc/httpd/conf/httpd.conf file, example shown below. You will find this at the end of the httpd.conf file:

(uncomment out this line)
NameVirtualHost *:80

(add this section)
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName http://www.yourservername.com" rel="nofollow
Redirect 301 / https://www.yourservername.com" rel="nofollow
</VirtualHost>

... then restart the httpd service.

This solution will redirect traffic regardless of the html file being served -- if traffic comes in via http it immediately gets redirected to https.
Buzzed
Posts: 1
Joined: Fri Jan 17, 2014 6:58 pm

Re: HTTP to HTTPS (SSL) Redirect?

Post by Buzzed »

This is a really bad idea!!! You should not implement http to https redirects as you are exposing yourself/users to man-in-the-middle (MITM) attacks, particularly anyone who uses sslstrip. See Moxie Marlinspike's discussion.

http://www.thoughtcrime.org/software/sslstrip/" rel="nofollow
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: HTTP to HTTPS (SSL) Redirect?

Post by FTP »

From the version 4.6.3, WingFTP added a feature "HTTP to HTTPS redirect", you just need to enable the option "Domain > Settings > General Settings > Miscellaneous > Redirect HTTP to HTTPS automatically".
Post Reply