Webserver Protection: Redirect HTTP to HTTPS

One of the most important problems for website users is that, when they want to open a page that is HTTPS, they forget to type HTTPS at the beginning of the address and the request is sent via HTTP. Therefore they cannot view the page successfully. If the "URL redirection" feature is provided on Sophos UTM or WAF, it is possible to automatically redirect all HTTP requests to HTTPS before the request reaches the real web server. This will solve the problem of the website users.

283 votes
Reza Abbasi shared this idea

    20 comments

      • Hans Kasbauer commented

        I would suggest to not only add the feature of HTTP to HTTPS redirect, but also add the possibility for url/path redirects if needed.
        e.g. external access to https://webmail.example.com being redirected to https://webmail.example.com/owa, which would be fine for users accessing Outlook Web Access more easily. This is currently possible using TMG to publish OWA and therefore is a missing "feature" for customers thinking about replacing TMG by Sophos UTM.

      • jake commented

        This would be great when Sophos UTM can do redirecting HTTP to HTTPS, using SSL/TLS to encrypt web traffic.

      • Reza Abbasi commented

        @Jim Harrison: This will just change the protocol from HTTP to HTTPS and all other parts of the request will remain unchanged.

      • Jim Harrison commented

        Will this be a full-up redirection mechanism (modify scheme, host, port, path) or just a scheme redirection based on the original URL?

      • Reza Abbasi commented

        Thanks a lot for implementing this vital feature. But I can't find the exact place to configure this new feature from WebAdmin in UTM 9.1. Please explain where to do it. tnx.

      • Anonymous commented

        We have no problems with the redirect-to-HTTPS feature on (..) Firewall; whoever does not want it does not need to use it. We need this feature.

      • Anonymous commented

        I installed Sophos UTM at my office today, and this feature is missing!!! My previous setup with nginx supported it ... my users are now very disappointed :-( .. please add this feature

      • -gf- commented

        Not a fan of technology fixes for self-inflicted user issues. This will become an administrative burden: redirect by default would break for non-HTTPS sites, and enabling redirect with a blacklist/whitelist requires list maintenance. Redirecting the root site URL may work okay, but URLs for Ajax and WebSockets could be very problematic. Do you want to be the guy/gal maintaining that list for the ideal user population for this feature?

      • Arne commented

        The automatic redirect of port 80 to port 443 on the user portal is a huge "miss" by Astaro/Sophos.

        To follow up on Dennis, there is no difference between any port when exploiting a vulnerability on a web server; the only difference with HTTPS is that you also have to negotiate HTTPS, and this is a trivial step.

      • Dennis commented

        True that your webservers can do this, but that means you have your port 80 exposed to the internet, which means it is open to exploit. As port 80 is much easier to exploit than port 443, I would rather have port 80 closed on my webserver.

      • NewImage commented

        Could have your webserver rewrite any access to a protected directory to a secure connection. Know Nginx and Apache can do it.

      • ehofstede commented

        Great idea!!! Too bad I currently haven't got votes left, otherwise I'd give one to this idea... :)
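
The scheme-only redirect discussed in this thread, as an added Python example that is not part of any comment and is not Sophos UTM code. The function name `https_redirect` and the `HTTPS_SITES` host list are assumptions; the function keeps host, path and query unchanged, answers only for hosts known to serve HTTPS, and uses 308 for non-GET/HEAD requests so that an Ajax POST is replayed with its method and body.

```python
import re

# Hostnames the gateway publishes over HTTPS (constructed sample values).
HTTPS_SITES = frozenset({"webmail.example.com", "www.example.com"})

# Control characters and spaces must never reach a Location header
# (CR/LF in particular would allow response splitting).
_UNSAFE_RE = re.compile(r"[\x00-\x20\x7f]")


def https_redirect(method, host_header, target, https_sites=HTTPS_SITES):
    """Decide how to answer a request that arrived over plain HTTP.

    Returns (status, location), or None when no redirect should be sent.
    """
    host = host_header.strip().lower()
    if ":" in host:
        # Drop an explicit port such as ":80"; HTTPS uses its default port.
        host = host.rsplit(":", 1)[0]
    # Only redirect for sites known to answer on HTTPS. This also stops a
    # forged Host header from steering the redirect to an arbitrary host.
    if host not in https_sites:
        return None
    # Accept only an origin-form target ("/path?query") with no unsafe bytes.
    if not target.startswith("/") or _UNSAFE_RE.search(target):
        return None
    # 301 is fine for GET/HEAD; 308 keeps method and body for everything else.
    status = 301 if method.upper() in ("GET", "HEAD") else 308
    # Scheme changes, host/path/query stay exactly as requested.
    return status, "https://" + host + target


if __name__ == "__main__":
    # Constructed sample requests: (method, Host header, request target).
    samples = [
        ("GET", "webmail.example.com", "/owa/?a=1&b=2"),
        ("POST", "WWW.Example.com:80", "/api/save"),
        ("GET", "legacy.example.net", "/"),
        ("GET", "www.example.com", "/x\r\nSet-Cookie: a=b"),
    ]
    for req in samples:
        print(req, "->", https_redirect(*req))
```
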
