Aug 23, 2016

Redirecting HTTP (TCP/80) requests to the WebVPN portal

After completing a WebVPN setup, the users access the SSL VPN portal using a web browser and going to https://fw_ip_address (or a URL mapped to the firewall address). However users are not network experts and sometimes they will forget the "https://" or even use "http://" and the ASA will reject the connection attempt.

If we want to avoid users crying about timeout pages on their browsers, we can redirect HTTP requests to the TCP port in use for the WebVPN with the following command:

asa(config)# http redirect outside http

These are the HTTP messages that we see in the wire:

Browser to ASA
GET / HTTP/1.1
Host: 192.0.2.1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive


ASA to Browser
HTTP/1.0 302 Temporary moved
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 23 Aug 2016 20:54:22 GMT
Location: https://192.0.2.1/


It doesn't matter if we are using TCP port 443 or any other for the SSL VPN portal, the ASA will redirect the browser to the right location.

2 comments:

  1. Chrome and Firefox have started showing insecure warnings on sites without SSL certificates. Without SSL, your website will show insecure to the visitors. Therefore, using an SSL-encrypted connection for safety, accessibility or PCI compliance reasons is necessary. It becomes very important to redirect from HTTP to HTTPS.
    for more information click here: HOW TO REDIRECT HTTP TO HTTPS

    ReplyDelete
  2. Borgata Hotel Casino & Spa (Atlantic City, New Jersey) - Dr.MCD
    The Borgata Hotel Casino & Spa 삼척 출장샵 is the East Coast's premier integrated 여주 출장안마 resort destination offering a 이천 출장안마 wealth of amenities 김제 출장안마 and 세종특별자치 출장샵 a casino

    ReplyDelete