FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
kmak
Staff
Staff
Article Id 329939
Description This article describes how to troubleshoot a Website's bad request 'plain HTTP request sent to HTTPS port' error when proxied through FortiWeb.
Scope FortiWeb.
Solution

This article shows one of the common issues that users may encounter during the initial configuration of the FortiWeb. The error message that may appear when proxying the website through the FortiWeb, return code 400 Bad Request – plain HTTP request was sent to HTTPS port.

 

This is a common misconfiguration setting that a user may make during the initial setup, whereas the Backend Real Server service port is required to be connected using the secured connection (SSL enabled), but it is configured without SSL settings.

 

Sample error messages of different web servers.

  • Apache:

kmak_0-1722569050620.jpeg
  • Nginx:

kmak_1-1722569050623.jpeg
  • IIS:

kmak_2-1722569050624.jpeg

 

Example configuration of Real Server Pool without SSL:

kmak_3-1722569050628.jpeg

It is also common that the application's real server is using a non-standard HTTP/HTTPS port, and the WAF admin may not be told to enable SSL for the Real Server Pool connection.

 

The Real Server Pool configuration correction:

kmak_4-1722569050636.jpeg

To fix the issue, edit the Real Server settings and enable the SSL option. Also, confirm that the port is correctly configured as it is changed to default 443 when toggle to enable the SSL option.

 

Related document:

Defining your web servers
Contributors