| Redirect http to https [message #66030] |
Tue, 15 December 2009 20:07  |
calvarez
Messages: 1
Registered: December 2009
Location: Phoenix, AZ
|
|
   
|
|
I would like users to always be forced to use the secure web access version, however I can envision them forgetting about it and just putting in the address without https. Is there a way to redirect the http connection to https on the Kerio server? I'm running it on Windows if that matters.
|
|
|
|
|
|
|
|
|
|
| Re: Redirect http to https [message #113875 is a reply to message #113867] |
Sat, 31 May 2014 17:39  |
Maerad
Messages: 275
Registered: August 2013
|
|
|
|
I
blswjames wrote on Fri, 30 May 2014 21:35This behavior (of redirecting http to https) seems to have disappeared in the current version, and the option seems to have been removed from the admin interface. Any reason for this?
Seems like an odd thing to have taken out, especially since doing so opens up some security concerns.
UPDATE:
Also, I've noticed that if you connect via http (unsecured), and download the setup assistant in order to configure your workstation, that the setup assistant will configure the account to not use HTTPS. I've had to go back in and reset correct settings on a few workstations as a result.
In the security settings There is an Option to enforce secure auth. Also there is a setti g to allow unsecure connections for Clients in a specific area. Might be thats the case for you
|
|
|
|
| Re: Redirect http to https [message #113936 is a reply to message #113875] |
Wed, 04 June 2014 21:42 |
 |
blswjames
Messages: 76
Registered: January 2012
Location: Kansas City
|
|
|
|
Maerad wrote on Sat, 31 May 2014 17:39I
In the security settings There is an Option to enforce secure auth. Also there is a setti g to allow unsecure connections for Clients in a specific area. Might be thats the case for you
No, this setting you speak of has nothing to do with the web authentication.
The enforce secure auth feature in the security section does not affect the web sessions. We use that feature also, as we require secure auth for IMAP/SMTP clients that are not on the local network. (And we disable it for specific trusted clients that do not support authentication, such as automated email notifications from our FTP server, etc.)
There used to be an option to specifically force web sessions that initiated on port 80 to be redirected to SSL port 443. As of the current release this option has disappeared, and the behavior that it provided has also. So now when our users just type in the URL of the mail server they are getting non-encrypted sessions by default and have no way to know that it's wrong. And, like I pointed out, it breaks the setup assistant installer also.
In all honesty, we're somewhat upset over this, as it is a very important feature to us. Why did it go away? Is this a bug? When will it come back?
|
|
|
|
|
|
| Re: Redirect http to https [message #114063 is a reply to message #113937] |
Tue, 10 June 2014 06:47 |
|
blswjames
Messages: 76
Registered: January 2012
Location: Kansas City
|
|
|
|
Pavel Dobry (Kerio) wrote on Wed, 04 June 2014 21:59I think you're mistaken. There was no such option in Kerio Connect. Maybe you think another product?
Ah, yes. I was confusing it with the control panel in Workspace. (Maybe my brain categorizes blue interfaces with the green ones.) You are also correct about enabling the "require secure auth" policy, as doing so does indeed enable the redirect behavior. It also affects non web traffic, but we can just create a more granular "trusted clients" group.
I originally landed in this thread because I was investigating a theory that the issues we are currently having with the configuration assistant might be related. We started noticing that typing in the webmail URL was going http, not https, and thought perhaps that had something to do with how the installer package gets constructed. If it always behaved this way, then we must have just overlooked it.
Thanks!
|
|
|
|
| Re: Redirect http to https [message #127733 is a reply to message #66030] |
Fri, 05 February 2016 19:02 |
helpfinder
Messages: 1
Registered: February 2016
|
|
|
|
Hi there,
I am running Kerio Connect Virtual Appliance and I am not able to find a way how to redirect users to HTTPS even they browse HTTP.
I was looking in the admin menu also searching for httpd.conf file, but no success.
Any hints here?
Thanks
|
|
|
|
|
|
| Re: Redirect http to https [message #127808 is a reply to message #127750] |
Tue, 09 February 2016 21:37 |
derek_500
Messages: 38
Registered: September 2006
Location: MA, USA
|
|
|
|
|
In our site firewall we just don't allow port 80 through to the mailserver at all. We have always instructed people to make sure they have entered the S in https and fully typed "https://mailserver.example.com" to get through. If somebody doesn't put the 's', or for some reason types http, nothing happens for them. Once they bookmark it with the 's' it doesn't affect them much anymore.
|
|
|
|
Members
Search
Help
Register
Login
Home
