Redirect HTTP traffic to HTTPS?

Forum|Forum|13 years ago
January 24, 2013
3 replies
10209 views

I' m hosting on a web server behind a FortiWiFi 60C. Internally, users access the port 80 site, and externally, I have a policy allowing 443 traffic. How can I get traffic incoming (externally) on port 80 to redirect to 443? I' ve searched on this a lot and have come up with nothing. I must be using the wrong search terms - I' m not a network guy. Any help is greatly appreciated. Thank you.

Rick_H

New Member

Typically this type of redirect is done on the webserver itself. The process is different for each web server and, of course, you' d have to allow inbound connections to reach your webserver on port 80 as well. You could probably use port address translation on your Virtual IP to map 80 to 443, but I' m not sure how your browser would behave when it started receiving encrypted traffic while expecting straight HTTP.

NolanAuthor

New Member

Thanks for the quick reply! I did try port address transaction on my virtual IP, but it didn' t work as expected - like you pointed out. I previously had an ISA server for a firewall and it handled the redirection nicely in the web publishing rules, so I thought I' d just check to see if the firewall could continue to handle it. I will then investigate configuring the web server to handle the redirection. Thanks again for the help!

Rick_H

New Member

There are a lot of folks who still use ISA in conjunction with a more traditional firewall. ISA can act as a web application firewall (WAF) and operate at higher OSI levels than a traditional firewall typically does (and therefore do the redirect for you). This is especially true for Microsoft products. If you still have a current ISA license and are dead set against allowing multiple ports to your web server from the outside then ISA may be a solution for you. It would be a bit more complicated, but would offer some flexibility in exchange. Otherwise, the webserver-based redirect will be the way to go. EDIT: I accidentally a word.

Dave_Hall

New Member

How can I get traffic incoming (externally) on port 80 to redirect to 443? I' ve searched on this a lot and have come up with nothing.

Keep in mind that the HTTP management port (if enabled) for the Fortigate is on port 80. If you are planning to set up a VIP/port forward, you may need to change the http management port (under System->Admin->Settings) to something else other than port 80.

DW_FTNT

Staff

HTTP to HTTPS redirect was added to 6.2.1 Code you can terminate 443 on the fortigate or just pass 443 all the way to the server. This link shows how to terminate/offload 443 on the fortigate https://docs.fortinet.com...ect-for-load-balancing here is a link to offloading https://help.fortinet.com...db-ssl-tls-offload.htm if you want to just pass 443 to the server and not terminate the session on the fortigate edit the vip "virtual-server-https" ---> set server-type tcp

you can also redirect other ports like 8080 using http edit "virtual-server-http" set extport 80 to set extport 8080 be sure to use proxy mode

Markus

New Member

I know, very old post, but good news...

Starting with FortiOS 6.2.1, you can configure a virtual server with HTTP to HTTPS redirect enabled

https://docs.fortinet.com...ect-for-load-balancing

[Edit]

sorry, allready posted :)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded