server is running Parallels Plesk Panel 11.5.30 and httpd-2.2.15-39 when any website is accessed using url http://website_domain_name:443 it show error page 400 Bad Request but with 200 OK header.
I already have read this question but can't find answer.
https works fine but *.com:443 gives a 400 error?
http://domainname:443
Not secure HTTP proto over secure port?
Maybe it should be
httpS://domainname:443 ?
or you have to sure that 443 port is actually not secure.
Related
I have an oci load balancer setup to front-end my webservers. I have the http backendSet configured using the http protocol and port 80 to handle the healthcheck by checking for a status code of 200.
However i also need a backendSet for handling https traffic. The choices for protocol for the health check only include http and tcp, but my understanding is that using a tcp health check only verifies that the server is up not that the webserver is working properly. If I use the http protocol with port 443, I get inconsistent status codes back from the webserver.When the webserver tries to perform the ssl handshake I get a 400 bad request status back, and other times I get a 403 unauthorized or 200 ok status code.
If I look at the apache access_log file on the backend webserver I see these various status codes, so I am not certain the best way to configure the health check so I can get anything other than a critical health check.
Any suggestions would be appreciated.
I am creating a 'firewall' type device (i.e. sitting in the middle of a communication) that in some cases need to intercept a HTTPS request and return a message to the client browser (like e.g. : sorry this is blocked).
I can do this for HTTP by redirecting (with iptables DNAT) to another port on the device where netcat is listening:
while true; do echo -e "HTTP/1.1 200 OK\n\nsorry this is blocked"|nc -l -p 8000; done
(so nc is listening on port 8000 and returning a normal code 200 reply. Could of course also be some other return code like 403 Forbidden etc.)
But what to do for HTTPS?
The whole thing is encapsulated in SSL/TLS and if intercepted the browser will just display a message that the secure connection failed.
I tried responding with a HTTP 307 Temporary Redirect with a Location pointing to http://127.0.0.1 (which would then give the above message). But the browser doesn't like this.
I need to display some sort of customized message (not necessarily HTML).
I realize that it would be a huge security issue if a HTTPS request could be changed to HTTP, thus stripping the security without the client noticing, but can a popup message or something not be forced in the client? Or at least a standard code like '403 Forbidden'..?
Is there something in the SSL or TLS protocols that I can (ab)use?
Thanks.
So you are developing a transparent proxy. When it comes to HTTPS traffic every proxy has the choice:
Pass it without decryption
Block it completely
Perform a man-in-the-middle attack for getting access to the content
If you performing the man-in-the-middle attack and the client does not trust the certificate used by the proxy it will get a certificate warning. You can not send anything HTTP related to the client because SSL/TLS already fails to establish the tunnel. No tunnel means that you will not be able to transmit a single "HTTP byte" (this also means that you can not redirect the client somewhere else).
And on SSL/TLS level there is AFAIK no way to send a custom message. The "TLS alert message" only allows pre-defined constant values.
Setting up my simplewebrtc.html video chat room
Google Chrome browser decides http connections are no longer supported (https only)
I get my SSL certificate - and end up with this problem...
Mixed Content: The page at 'https://myURL.com/xsdk-master/examples/simplewebrtc.php?roomName=767' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://endpoint02.uswest.xirsys.com:8080/socket.io/1/?t=1450578074425'. This request has been blocked; the content must be served over HTTPS.
Seems self-explanatory I need to use a secure endpoint on XirSys end, but
I tried getting in touch with experts#xirsys.com - and they're out until December 28th, 2015. Anybody know if a secure endpoint exists? Please any and all help is appreciated!
You need to update the port on the endpoint to 443. The 8080 port you are using won't work on a secure page.
Regards,
Lee
I implemented HTTPS client(with Certification BYPASS) as in :
http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/
But I get the following Exception(as attached in the image):
javax.net.ssl.SSLHandshakeException:Received Fatal Alert :handshake_failure
Not sure why I getting this error.It had worked for me before.
Also the HTTPS Server is an APACHE TOMCAT SERVER.
Is there any other way I can Ignore(bypass) HTTPS Certification?
Please let me know.
I have the following situation: 2 hosts, one is a client and the other an HTTPS server.
Client (:<brwsr-port>) <=============> Web server (:443)
I installed Fiddler on the server so that I now have Fiddler running on my server on port 8888.
The situation i would like to reach is the following:
|Client (:<brwsr-port>)| <===> |Fiddler (:8888) <===> Web server (:443)|
|-Me-------------------| |-Server--------------------------------|
From my computer I want to contact Fiddler which will redirect traffic to the web server. The web server however uses HTTPS.
On The server I set up Fiddler to handle HTTPS sessions and decrypt them. I was asked to install on the server Fiddler's fake CA's certificate and I did it! I also inserted the script suggested by the Fiddler wiki page to redirect HTTPS traffic
// HTTPS redirect -----------------------
FiddlerObject.log("Connect received...");
if (oSession.HTTPMethodIs("CONNECT") && (oSession.PathAndQuery == "<server-addr>:8888")) {
oSession.PathAndQuery = "<server-addr>:443";
}
// --------------------------------------
However when I try https://myserver:8888/index.html I fail!
Failure details
When using Fiddler on the client, I can see that the CONNECT request starts but the session fails because response is HTTP error 502. Looks like no one is listening on port 8888. In fact, If I stop Fiddler on the server I get the same situation: 502 bad gateway.
Please note that when I try https://myserver/index.html and https://myserver:443/index.html everything works!
Question
What am I doing wrong?
Is it possible that...?
I thought that since maybe TLS/SSL works on port 443, I should have Fiddler listen there and move my web server to another port, like 444 (I should probably set on IIS an https binding on port 444 then). Is it correct?
If Fiddler isn't configured as the client's proxy and is instead running as a reverse proxy on the Server, then things get a bit more complicated.
Running Fiddler as a Reverse Proxy for HTTPS
Move your existing HTTPS server to a new port (e.g. 444)
Inside Tools > Fiddler Options > Connections, tick Allow Remote Clients to Connect. Restart Fiddler.
Inside Fiddler's QuickExec box, type !listen 443 ServerName where ServerName is whatever the server's hostname is; for instance, for https://Fuzzle/ you would use fuzzle for the server name.
Inside your OnBeforeRequest method, add:
if ((oSession.HostnameIs("fuzzle")) &&
(oSession.oRequest.pipeClient.LocalPort == 443) )
{
oSession.host = "fuzzle:444";
}
Why do you need to do it this way?
The !listen command instructs Fiddler to create a new endpoint that will perform a HTTPS handshake with the client upon connection; the default proxy endpoint doesn't do that because when a proxy receives a connection for HTTPS traffic it gets a HTTP CONNECT request instead of a handshake.
I just ran into a similar situation where I have VS2013 (IISExpress) running a web application on HTTPS (port 44300) and I wanted to browse the application from a mobile device.
I configured Fiddler to "act as a reverse proxy" and "allow remote clients to connect" but it would only work on port 80 (HTTP).
Following on from EricLaw's suggestion, I changed the listening port from 8888 to 8889 and ran the command "!listen 8889 [host_machine_name]" and bingo I was able to browse my application on HTTPS on port 8889.
Note: I had previously entered the forwarding port number into the registry (as described here) so Fiddler already knew what port to forward the requests on to.