Got a problem with squid. I'm using 3.1 version with my own redirector.
My problem was when a client for example request https://twitter.com (with https) but somehow got a logic with my redirector that twitter.com is invalid page so i redirected this request to my invalid page. Let say 302:http://mydomain.com?invalid=twitter.com, in this stage process will not continue and browser will say "HTTP gateway failed".
So, my theory is when a request is https redirected to http, squid will not work. Is there any configuration i need to be done so that it will work?
Thank you guys..
RFC 2817 isn't very clear about the behavior of CONNECT and redirect. I think that most of the browser won't accept a redirect as a reply to the CONNECT method. So, there is no way to do what you want.
Is not an Squid issue, is a protocol/browser issue.
well, i think the best way to redirect is when:
- if the request is https the response should be https
- and if the request if http response should be http
that's the best way i can't think at the moment...
Related
I have 2 microservices in different server and i tried to hit api using http from one to other. it get me like timeout response [server not response]. And i tried hit api using https and it get me error like "you need certificate".
My question is does http need ssl or not ?
Thanks
HTTP no, HTTPS yes. Many blanks to satisfy system...
I was just wondering this small little question. I know it is irreverent to coding, but I just had to know quickly.
If you type in http:// for a https:// will it still take you to the correct place?
That is mostly dependent on the server configuration. The server has to accept the initial HTTP request and be configured to redirect the client to an appropriate HTTPS url.
That being said, there are some Internet standards related to automating HTTP-to-HTTPS upgrades. HTTP Strict Transport Security and Upgrade Insecure Requests allow an HTTP/S server to tell clients that it wants them to automatically use HTTPS for all subsequent requests. If a client visits an HSTS/UIR-enabled server, it will receive a normal HTTP response with additional HSTS/UIR-related headers. If the client supports HSTS/UIR, it will then know to automatically send all subsequent HTTP requests to that same server using HTTPS, and in the case of UIR also treat any received HTTP URLs as if they were HTTPS URLs.
I am disabling all http access and want to return an error code to indicate that http is disabled and use https instead.
what is the best error code response for that request?
400 Bad Request
403 Forbidden
There's not much value in listening on port 80 unless you're either going to serve up content or point clients to somewhere else.
Either issue a 301 Moved Permanently redirecting to https (Redirect http to https in default.aspx) or do not listen on port 80.
403.4 should be the best, as IIS returns exactly this to client side if HTTPS is required,
https://support.microsoft.com/en-us/kb/943891?wa=wsignin1.0
Some pages on my website (authentication, payment) must be served over HTTPS.
When a client hits such a page over HTTP, I want to redirect it to the HTTPS version.
At the moment I'm using a 301 Moved Permanently code with a Location header that points to the same URL with the scheme modified to HTTPS.
I'm wondering: is there a specific HTTP response code for using the wrong protocol?
Something that would be similar to 405 Method not allowed for the HTTP verb.
Not as such, no — the 301 permanent redirect is exactly the right choice here.
However, there is such a thing as HTTP Strict Transport Security (HSTS), which allows you, once you've told the browser to use HTTPS using the 301 redirect, to also tell it never to use the unencrypted HTTP protocol again on your site. The way you do this is by including a header like shown below in the HTTPS response (not in the redirect, which is sent over plain HTTP):
Strict-Transport-Security: max-age=31536000; includeSubDomains
For more details, see the Wikipedia article linked above and RFC 6797.
According to this, 403.4 seems to be what you want (in IIS), but I don't believe there is an equivalent in the HTTP standard.
Response 301 seems reasonable for the login pages etc. (where no credentials are needed to be transmitted to load the page). Otherwise when personal details have been sent it is wise to say not found (401) as somebody is being mischievous. It is also wise to check the referrer URL and also periodically check the log files.
(People do copy web sites and masquerade as yours, just forwarding traffic and collecting personal details in the process :-( )
I need some help with understanding how to write HTTP router, which recognizes HTTP header as routing criteria. I found the link https://github.com/cgbystrom/netty-tools/blob/master/src/main/java/se/cgbystrom/netty/http/router/RouterHandler.java which seems to do the routing itself. But now it is not clear, how to
connect to another HTTP server
send HTTP request
wait for HTTP response
forward the HTTP response to client
can somebody please give me some explanations?
http://static.netty.io/3.5/xref/org/jboss/netty/example/proxy/package-summary.html
the example of proxy server in Netty, essentially what I wanted