Force all outgoing HTTP connections to use TLS

0

Is there a solution for Linux to force all unencrypted HTTP traffic (client side, I'm already aware of server TLS termination) to go through TLS transparently for the HTTP application?

user3368561

Posted 2019-05-23T11:40:40.323

Reputation: 101

Even if the server itself does not support HTTPS? – user1686 – 2019-05-23T11:48:07.340

@grawity Yes. HTTP is banned. If the server doesn't support HTTPS the client gets an error. – user3368561 – 2019-05-23T11:51:24.990

@garethTheRed Generic over standard ports. Other ports are blocked by the firewall. – user3368561 – 2019-05-23T12:18:01.600

You've also got the problem that your client will be sending HTTP on port 80, but your service listening on port 443 will expect HTTPS. Unless your client sends a request such as https://example.com:80 (unlikely), your service will simply fail when it receives the HTTP protocol on the HTTPS port (443). That is, you've a port mapping problem and a protocol mismatch problem. – garethTheRed – 2019-05-23T14:14:14.427

@garethTheRed Of course you can't send HTTP requests to the HTTPS service directly. You need to wrap them with a TLS layer first. You can get something working with socat and some iptables magic, but it will be a hack. This is why I'm asking for a proper solution. – user3368561 – 2019-05-23T16:54:23.267

Answers

-1

This would be messy, and require a proxy offsite.

You would need to somehow route requests for these http sites to the proxy, using some kind of proxy and DNS trickery. You would then need the proxy to convert http to https and rewrite links. I suspect, but do not know for sure, that SQUID can do this.

Of course, by the time you are finished you are likely better off just setting up a VPN which uses https/443 to get past the firewall.

Also, if the sites have http and https versions, you can get browser plugins to do redirects. Look at the plugin HTTPS Everywhere.

davidgo

Posted 2019-05-23T11:40:40.323

Reputation: 49 152

Why the downvote? – davidgo – 2019-05-23T18:55:18.830
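The port-mapping and protocol-mismatch problems raised in the question's comments, worked through as an added example that is not part of the original thread or any poster's code: a local forwarder that takes plaintext HTTP, derives the upstream from the `Host` header, and re-sends the request over certificate-verified TLS on port 443. The listen address, the function names and the assumption that port-80 traffic is redirected to it (for instance by an iptables nat REDIRECT rule) are all hypothetical.

```python
import asyncio
import ssl

# Assumption: port-80 traffic is redirected here (e.g. iptables nat REDIRECT to 8080).
LISTEN = ("127.0.0.1", 8080)
CTX = ssl.create_default_context()  # verifies certificate chain and host name

def upstream_for(head: bytes) -> tuple[str, int]:
    """Port-mapping half: Host header of a plaintext request -> (host, 443)."""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii")
            if not host.endswith("]"):           # drop an explicit ":80"
                host = host.rsplit(":", 1)[0]
            if host.strip("[]"):
                return host.strip("[]"), 443
    raise ValueError("no usable Host header; refusing to guess the upstream")

async def pipe(reader, writer):  # copy one direction until EOF, then close the far side
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()

async def handle(c_reader, c_writer):
    """Protocol half: wrap the request in TLS, or fail closed with a 502."""
    try:
        head = await c_reader.readuntil(b"\r\n\r\n")
        host, port = upstream_for(head)
        u_reader, u_writer = await asyncio.open_connection(
            host, port, ssl=CTX, server_hostname=host)
    except (ValueError, OSError, EOFError, asyncio.LimitOverrunError):
        c_writer.write(b"HTTP/1.1 502 Bad Gateway\r\nConnection: close\r\n\r\n")
        c_writer.close()
        return
    u_writer.write(head)
    await asyncio.gather(pipe(c_reader, u_writer), pipe(u_reader, c_writer))

async def main():
    async with await asyncio.start_server(handle, *LISTEN) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

A server with no listener on 443, or one whose certificate fails verification, produces the 502, so the client gets an error rather than a plaintext fallback. Response bodies and `Location` headers pass through unmodified, so this does not do the link rewriting the answer mentions.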