Hot!Redirect HTTP traffic to HTTPS?

Author
Nolan
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/01/24 08:03:17
  • Status: offline
2013/01/24 08:08:11 (permalink)
0

Redirect HTTP traffic to HTTPS?

I' m hosting on a web server behind a FortiWiFi 60C. Internally, users access the port 80 site, and externally, I have a policy allowing 443 traffic.

How can I get traffic incoming (externally) on port 80 to redirect to 443? I' ve searched on this a lot and have come up with nothing. I must be using the wrong search terms - I' m not a network guy.

Any help is greatly appreciated. Thank you.
#1

5 Replies Related Threads

    Rick H
    Gold Member
    • Total Posts : 160
    • Scores: 8
    • Reward points: 0
    • Joined: 2012/06/20 12:49:42
    • Location: Memphis, TN, US
    • Status: offline
    RE: Redirect HTTP traffic to HTTPS? 2013/01/24 08:28:02 (permalink)
    0
    Typically this type of redirect is done on the webserver itself. The process is different for each web server and, of course, you' d have to allow inbound connections to reach your webserver on port 80 as well.

    You could probably use port address translation on your Virtual IP to map 80 to 443, but I' m not sure how your browser would behave when it started receiving encrypted traffic while expecting straight HTTP.
    #2
    Nolan
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/01/24 08:03:17
    • Status: offline
    RE: Redirect HTTP traffic to HTTPS? 2013/01/24 08:36:09 (permalink)
    0
    Thanks for the quick reply! I did try port address transaction on my virtual IP, but it didn' t work as expected - like you pointed out.

    I previously had an ISA server for a firewall and it handled the redirection nicely in the web publishing rules, so I thought I' d just check to see if the firewall could continue to handle it.

    I will then investigate configuring the web server to handle the redirection. Thanks again for the help!
    #3
    Rick H
    Gold Member
    • Total Posts : 160
    • Scores: 8
    • Reward points: 0
    • Joined: 2012/06/20 12:49:42
    • Location: Memphis, TN, US
    • Status: offline
    RE: Redirect HTTP traffic to HTTPS? 2013/01/24 08:52:10 (permalink)
    0
    There are a lot of folks who still use ISA in conjunction with a more traditional firewall. ISA can act as a web application firewall (WAF) and operate at higher OSI levels than a traditional firewall typically does (and therefore do the redirect for you). This is especially true for Microsoft products. If you still have a current ISA license and are dead set against allowing multiple ports to your web server from the outside then ISA may be a solution for you. It would be a bit more complicated, but would offer some flexibility in exchange. Otherwise, the webserver-based redirect will be the way to go.


    EDIT: I accidentally a word.
    < Message edited by rick h -- 1/24/2013 11:09:54 AM >
    #4
    Dave Hall
    Expert Member
    • Total Posts : 1458
    • Scores: 160
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    RE: Redirect HTTP traffic to HTTPS? 2013/01/24 09:01:37 (permalink)
    0
    How can I get traffic incoming (externally) on port 80 to redirect to 443? I' ve searched on this a lot and have come up with nothing.

    Keep in mind that the HTTP management port (if enabled) for the Fortigate is on port 80. If you are planning to set up a VIP/port forward, you may need to change the http management port (under System->Admin->Settings) to something else other than port 80.
    #5
    DW_FTNT
    New Member
    • Total Posts : 7
    • Scores: 2
    • Reward points: 0
    • Joined: 2019/08/12 07:38:28
    • Status: offline
    Re: RE: Redirect HTTP traffic to HTTPS? 2019/08/12 08:58:36 (permalink)
    0
    HTTP to HTTPS redirect was added to 6.2.1 Code
     
    you can terminate 443 on the fortigate or just pass 443 all the way to the server.
    This link shows how to terminate/offload 443 on the fortigate
    https://docs.fortinet.com...ect-for-load-balancing
    here is a link to offloading
    https://help.fortinet.com...db-ssl-tls-offload.htm
     
     
    if you want to just pass 443 to the server and not terminate the session on the fortigate
    edit the vip
    "virtual-server-https"
    --->  set server-type tcp
     
    you can also redirect other ports like 8080  using http
    edit "virtual-server-http"
        set extport 80
    to
       set extport 8080
     
     
    be sure to use proxy mode
    #6
    Jump to:
    © 2019 APG vNext Commercial Version 5.5