https://live.paloaltonetworks.com/t5/general-topics/http-traffic-to-https/m-p/421257#M93931 <P>Quick answer: bad idea.<BR /><BR />Long answer 1: it would probably confuse the browser, unlike an "HTTPS-only like" browser extension, which would do the same thing (in a non-centralized fashion, of course) while keeping the browser aware of the redirection<BR /><BR />Long answer 2: a PAN firewall seems to be able to "express" that kind of DNAT rule, should you want to try<BR /><BR />Possible solution:<BR />- hijack the DNS domain and point it to an IP of yours (PAN dns-proxy should be able to do that with a static entry, in case you're using it)<BR />- set up a "dummy" http-only web server with an HTTP/301 catch-all page that points to the https server (bonus point: implement a rewrite that keeps the URL)<BR />- DNAT on firewall so that <STRONG>https</STRONG> to YOUR dummy web server is DNAT'ed to the original one</P> Thu, 22 Jul 2021 09:22:12 GMT michelealbrigo 2021-07-22T09:22:12Z https://live.paloaltonetworks.com/t5/general-topics/http-traffic-to-https/m-p/421211#M93929 <P>Hi Guys&nbsp;<BR />Can we redirect someone trying to access <A href="http://www.xxx.com" target="_blank">http://www.xxx.com</A> to <A href="https://www.xxx.com" target="_blank">https://www.xxx.com</A> ( port 80 to 443 ) ?</P><P>If we are using Dest NAT for <A href="https://www.xxx.com" target="_blank">https://www.xxx.com</A>&nbsp;?&nbsp;</P><P>Thanks&nbsp;</P> Thu, 22 Jul 2021 07:03:52 GMT https://live.paloaltonetworks.com/t5/general-topics/http-traffic-to-https/m-p/421211#M93929 i_maddy 2021-07-22T07:03:52Z https://live.paloaltonetworks.com/t5/general-topics/http-traffic-to-https/m-p/421257#M93931 <P>Quick answer: bad idea.<BR /><BR />Long answer 1: it would probably confuse the browser, unlike an "HTTPS-only like" browser extension, which would do the same thing (in a non-centralized fashion, of course) while keeping the browser aware of the redirection<BR /><BR />Long answer 2: a PAN firewall seems to be able to "express" that kind of DNAT rule, should you want to try<BR /><BR />Possible solution:<BR />- hijack the DNS domain and point it to an IP of yours (PAN dns-proxy should be able to do that with a static entry, in case you're using it)<BR />- set up a "dummy" http-only web server with an HTTP/301 catch-all page that points to the https server (bonus point: implement a rewrite that keeps the URL)<BR />- DNAT on firewall so that <STRONG>https</STRONG> to YOUR dummy web server is DNAT'ed to the original one</P> Thu, 22 Jul 2021 09:22:12 GMT https://live.paloaltonetworks.com/t5/general-topics/http-traffic-to-https/m-p/421257#M93931 michelealbrigo 2021-07-22T09:22:12Z