rejetto forum

redirection : http:\\aaaaa.aaa en https:\\aaaaa.aaa

0 Members and 1 Guest are viewing this topic.

Offline jbckylie

  • Occasional poster
  • *
    • Posts: 3
    • View Profile
Hello,
i have a question:
how can i do to have an automatic redirection from http to https.

My config:
wrt54g with port 80 to a pc in 192.168.1.101

hfs on port 80

stunnel on port 443.

If i do https:\\aaaa.aaa , it's ok : stunnel+hfs = hfs secure

I just want : a guy which type http:\\aaaa.aa is automaticaly routed to https\\aaaa.aaa via stunnel+hsf.

Thanks you.



Offline ~GeeS~

  • Tireless poster
  • ****
    • Posts: 269
  • "The web was made for sharing..."
    • View Profile
One possible solution could be (had no time to test it myself, is still on my To-Do list):

- Run 2 instances of HFS (go to Menu:Start/Exit:Only 1 instance, uncheck) or do you want to do to this on more than 1 machine?

- Run the first instance of HFS listening on port 80 (portforwarding on your router enabled for port 80)

- First HFS serves only one webpage with a redirect to https://aaaaa.aaa:443
     
Code: [Select]
<meta http-equiv="refresh" content="0;URL=https://aaaaa.aaa/" />
- Run STunnel listening on port 443 (portforwarding on your router enabled for port 443)

- Run a second instance of HFS (with your filesystem) on port 65080 (or any other unused free port)

- Forward STunnel to port 65080 or accordingly (portforwarding on your router disabled for port 65080 or accordingly)

Results:
Requests for (http://)aaaaa.aaa(:80) (first HFS with webpage only) will be redirected to https://aaaaa.aaa:443 (Stunnel) and from there to the second instance of HFS with your filesystem.
Because the port of the second instance of HFS with your filesytem is not forwarded in your router, http from the outside of your LAN is not possible; it can be approached only by https/ssl thru STunnel.
Requests for https://aaaaa.aaa(:443) would go directly thru STunnel to your second instance of HFS with your filesystem.

Remark: Without a router this could be achieved also. But if a visitor knows/finds/guesses the port of your second instance of HFS with your fileserver, it could be approached unsecure with http://aaaaa.aaa:65080

Or as a diagram:
 
Quote
browser  -http-->    80:router -http---->  80:HFS_1(webpage) <browser redirected to: https:443 by HTML>

   browser  -https->   443:router -https---> 443:STunnel ----http-> 65080:HFS_2(filesystem)
 
   browser  -http--> 65080:router -blocked-|

Good luck! Hope it works!
_____
~GeeS~

PS. If somebody has some suggestions/experience on combining Proxomitron/Stunnel/HFS for (ssl-)proxying ... you're very welcome.
~GeeS~


Offline maverick

  • Tireless poster
  • ****
    • Posts: 1052
  • Computer Solutions
    • View Profile
jbckylie

If you don't really need re-direction from http to https,  go directly to https
 --> therefore the starting address would be https://xxx.xxx.xxx.xxx -->

In HFS, restrict access to all accounts in the vfs root. (right click on /)

In your firewall, deny access for HFS to the internet, but grant acccess for  STunnel to the internet. People are then forced to only use https while visiting your site.  Any http attempt will be blocked.

Tested and works fine and you don't have to play around with your router.
maverick