I have a Tomcat 6.x or 7.x web application server running on a webserver listening on port 8443.
Why is it that when I access http://:8443, I am
prompted to download a file of the format application/octet-stream from any browser from any platform?
When I access http://:443 I get a 400 Bad Request.
Is there anyway to configure Tomcat to yield a 400 Bad Request error code if a user attempts to access the SSL port via http ?
It's because you need to type https:// beforehand :D I just had the same problem!
I think some forwarding is needed to ensure https is used.
Related
Background:
I have my personal website running on a lighttpd server on my raspberry pi. I have that server’s port (80) forwarded so it can be accessed publicly.
I’m in the process of making a project, and I want a node.js service to make requests to from the lighttpd server. I set up pm2 so the node.js server is always running. I have that port forwarded too (5000). I've verified that this server is working via postman and the browser
Problem:
I'm receiving the following error when making requests:
has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space private.
Of note; I have Access-Control-Allow-Private-Network:true in the response header and Access-Control-Request-Private-Network:true in the request header. The only other solution I've found that might fix this is getting an SSL cert for the lighttpd server and using https for it, however I'm struggling setting that up to see if it would work
Questions:
Would getting an SSL cert for lighttpd allow me to make requests to my pm2 server?
Is there a different solution?
How secure is this setup? I don't expect a lot of traffic...
I have apache server(Frontend code) running on 80 port with https secure(SSL is configured). Backend server is nodejs and it is configured on 3000 port. When I tried to call services from https to http i.e. Apache(port 80 ssl configured) to Nodejs (port 3000 non-ssl) it is giving showing failed with status as "net::ERR_SSL_PROTOCOL_ERROR".
This may have something to do with Same Origin policy.
Please see that answer: HTTP Ajax Request via HTTPS Page.
I have 2 sites running on the same machine, a client and an API.
Let's say the computer's IP is 10.10.10.10.
The API has a default page when you browse to it, the rest of the API is under 10.10.10.10/api.
The API has HTTP binding to port 80, and HTTPS binding to port 443.
The client has HTTP binding to port 8080, and HTTPS binding to port 64300.
Both HTTPS bindings use a self signed certificate I created via IIS manager.
Both sites have a HTTP to HTTPS redirect using "URL Rewrite".
When I try to browse either one of the apps, it works fine (gives the warning in the browser that you can skip).
When I do some action in the client which involves a HTTP request to the api using one of the following calls I get an error:
http://localhost/api/someMethod
http://localhost:80/api/someMethod
https://localhost/api/someMethod
https://localhost:443/api/someMethod
https://10.10.10.10/api/someMethod
The exception includes this error:
"The remote certificate is invalid according to the validation procedure"
I tried using the method described in this link (add the self-signed certificate to the Trusted Root Certificate Authorities folder) but it won't work.
Help please :D
found the answer.. posting if anyone else will get stuck on it.
It's pretty weird but the only thing that worked was to make the localhost http(s) request using the HOST NAME.
example:
https://the_name_of_the_computer:443/api/someMethod
I just tried with http ans https to fetch data in the for of json from server, while I try with http its working fine but when I try with https getting error. Is there any way to handle "https" request if server is not cofigured with SSL.
no, there isn't any way if the server isn't configured to user SSL. However if you want TLS encryption you could use a SSH tunnel. If you can't configure your application to use SSL you could configure a http server like Apache or nginx to act as an SSL Proxy.
I have a ASP.NET MVC site set up in IIS7 on Win2K8 with a single SSL binding on Port 443. The team in charge of the server only has port 443 open for security reasons, but this shouldn't be any issue because that's the only binding I have and I'm not making any regular HTTP calls on port 80.
When I call my site, my main login page (using forms authentication) comes up in the browser (over HTTPS) which looks fine. However, as soon as I try to login I get the following error:
[SocketException (0x274d): No connection could be made because the target machine actively refused it 10.x.123.123:80]
Ok that is the correct IP assigned to the site, but I'm not making any calls on port 80. Why would I get this error if all I need is a SSL binding on port 443? Am I required to have port 80 open as well? I'm not making any calls internally that use port 80, unless MVC is doing something I'm unaware of that requires port 80.
When digging into the code it turns out that our service turned around and made additional REST calls to other parts of the same service using a HTTP url, thus causing the error.
Since I configured IIS to only allow SSL traffic and I had internal calls to a HTTP URL the error was generated. The root cause was that I forgot we were making RESTful calls within the code and those URLs had to be updated to their respective HTTPS counterpart.