Cannot access site through http from https server - http

I have a https site say with url www.example.com. On this server, I've an application which is decoupled in front-end and back-end. The front-end is a gwt application and the back-end is a REST interface.
To call the rest interface, the front-end uses https, say with a url like https://www.example.com/api
however, when I'm trying to call the front-end using http://www.example.com, it is not making the call to rest interface when i'm using https://www.example.com, it is ok. Can someone explain the reason of this problem??

https://www.example.com and http://www.example.com are different URIs and nothing requires that a web server serve up the same content for both. Presumably your server isn't configured to do so.

Related

Trying to redirect requests to a web application with different versions behind nginx as reverse proxy?

I have an off-the-shelf web application with version, say v1, running behind a nginx server.
URL for web app say https://web-app/
I want to run v2 version of the same application as test pilot with few users in the same environment as the above one. This version of the application sits behind the same nginx server.
URL for web app version v2 https://web-app/v2
The requirement is that the request should be redirected to the right instance.
Please note that the off-the-shelf web-app does not have the version in the URL. So, I need to find a way to redirect all the requests to the correct instance. After a bit of research I observed that one of the option is to use a cookie.
For instance when a user accesses either of the url then in the nginx server checks for the existence of "v2" at the end of it. In case the URL contains v2 then nginx server sends the request to new version and sets a cookie with a value say "version:v2" in the response to the browser. The browser then onwards sends the cookie in the requests. The nginx server will use the cookie to redirect the request to the right instance.
I have bit of experience in server side programming but did work on frontend and browser. so not sure if the above approach is right or not. So request you help/advise.

Azure App Service won't serve via HTTP

I have an ASP.net MVC app running on Azure App Service ... I've searched for the answer, but have not found it ... my app seems to always force HTTPS redirect, no matter what. All the docs say it should serve content via HTTP by default, but it does not. Most everyone has the opposite problem of needing to redirect HTTP to HTTPS.
I need Azure App Service to do the following:
1) Serve static Default.htm page via HTTP, without redirecting to HTTPS
My app has a custom domain and no SSL for the custom domain. I want the URL http://example.com/Default.htm to serve the static page, not redirect to HTTPS to serve the static page. I will use azurewebsites domain when I want users to be in HTTPS. I want to use my custom domain name to serve a static home page for users arriving at my site.
As far as I can determine, I do not have any app extensions installed (such s https redirect extension), or anything in web.config to force https, or any RequireHTTPS attributes ... can anyone explain why plain old regular boring HTTP doesn't work here?
Thanks

Redirect to https schema asp.net mvc web api request

Some web sites are sending request to https url adress. I am entering http:/somesite.com but it is going to https:/somesite.com
I am plannig to get an SSL sertificate and use https for my site. I am using asp.net mvc web api.
I want to redirect to https page my users. Should I do it with a handler, or HttpMessageHandler or directly from IIS?
trailmax has a pretty good solution for your problem in his blog. He even has some nice unit tests:)
http://tech.trailmax.info/2014/02/implemnting-https-everywhere-in-asp-net-mvc-application/

If my web site is HTTPS does every call for data or a static page have to be HTTPS also?

I have a web api application that I am considering moving to HTTPS. The reason is really just for the initial login where I would like to hide the username and password.
Once logged in do all other calls from the pages also need to be HTTPS? For example do my calls to CSS and scripts need to travel over HTTPS? How about WebAPI calls?
When referencing HTTP content from HTTPS pages, some user agents will issue warnings about "mixed content" or "insecure content" to the user, others may block the content (older versions of IE do that). GitHub solved this issue using ngnix as reverse proxy, so it serves the static content as HTTPS.
If you are only worried about the authentication, and it is cookie based, you can do the authentication in HTTPS and then get back to HTTP. The cookie will be shared as long it is not marked as Secure. Remember that both the GET request acquiring the login FORM and the POST call sending the login form should be HTTPS to be secure.
You can use the page in HTTP and do the AJAX calls in HTTPS: Ajax using https on an http page. Again, this may be useless if the auth form is not secure as well.
If your static content is hosted in a CDN, probably the CDN is able of proxying the requests to your site and return HTTPS content if required.
Static content served as HTTP won't be cached for when you request the same content through HTTPS, neither viceversa, so it will basically downloaded twice.
Also relevant, please check these 7 myths about HTTPS, specially myth #1. If you are worried about security, maybe switch completely to HTTPS is the best decision.

ASP.NET Webservice HTTP Redirect

My website posts orders to partner sites using web services. Recently, one of our partners implemented load balancing on their servers and our web requests are failing because they get redirected to other URLs.
Normally when we test they pass because the URI is static but in production they fail because the requests get redirected.
e.g. redirecting from http://mysite.com/services/myservice.asmx to http://subnet.mysite.com/services/myservice.asmx
Any ideas?
Just make sure you set the AllowAutoRedirect property on the client to true.

Resources