07-22-2021 12:03 AM
Hi Guys
Can we redirect someone trying to access http://www.xxx.com to https://www.xxx.com ( port 80 to 443 ) ?
If we are using Dest NAT for https://www.xxx.com ?
Thanks
07-22-2021 02:21 AM - edited 07-22-2021 02:22 AM
Quick answer: bad idea.
Long answer 1: it would probably confuse the browser, unlike an "HTTPS-only like" browser extension, which would do the same thing (in a non-centralized fashion, of course) while keeping the browser aware of the redirection
Long answer 2: a PAN firewall seems to be able to "express" that kind of DNAT rule, should you want to try
Possible solution:
- hijack the DNS domain and point it to an IP of yours (PAN dns-proxy should be able to do that with a static entry, in case you're using it)
- set up a "dummy" http-only web server with an HTTP/301 catch-all page that points to the https server (bonus point: implement a rewrite that keeps the URL)
- DNAT on firewall so that https to YOUR dummy web server is DNAT'ed to the original one
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
