Web GUI Auto Redirect HTTP Connection to HTTPS
-
Hello,
I am running my pfSense web GUI on a non standard port. Everything works fine until I forget to manually specify https:// in the url before I hit enter. When that happens, I get the message shown in the image below.
How can I make pfSense automatically redirect whatever I put in (local domain name or IP address of the firewall) from HTTP to HTTPS automatically? Is this something that would require editing a .htaccess file or the webpage config file? Any help would be greatly appreciated!
-
It does that automatically when you connect to the http server, like the default on port 80. If you do
http://<firewall>
it redirects tohttps://<firewall>:port
. However if you manually put inhttp://<firewall>:<https port>
there is nothing that pfSense or the browser can do. You explicitly told it to do the wrong thing. -
I do not manually specify http:// when I put <firewall>:<port> in the browser. However, if my browser doesn't have that connection cached, then it tries to connect via HTTP. I can't use 443 as that is being redirected to a server in my DMZ, hints the custom port. Example, I can put in pfsense.<localdomain>.com:<port> into a browser that does not have the correct connection cached. As soon as I press enter it automatically puts http:// in front and then I get the 400 bad request. If it is possible, I would like to have it automatically redirect/rewrite the url to replace http:// with https:// so I don't have to manually specify it every time.
-
When using custom ports, no web server can do that. It's not a limitation of pfSense. Your browser is connecting with http to a sever that only speaks https. It can't complete the initial negotiation.
If you can't remember to put in https, then use bookmarks instead of typing it in.
-
Okay, thank you for that explanation. I'll leave it as it is and just remind myself to prefix https://.
-
And this just answered my question here:
https://forum.netgate.com/topic/150042/after-changing-pfsense-from-http-to-https-i-must-type-https-xxxxxx-xx-to-reach-web-page
Im using custom port, so yeah.
Thanks for clarification.