
GlobalSCAPE Knowledge Base

HTTP-to-HTTPS Redirection

Karla Marsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT all versions

DISCUSSION

You can redirect HTTP connections to HTTPS on the Connection Options tab of a Site. The HTTP engine listens on the specified port (default = 80) even when HTTP is OFF; it answers every request with a redirect (sent in the HTTP header) to the HTTPS port on the same host.

In v8.0 and later:

EFT redirects to HTTPS for login to secure the client password; then, after a successful login, it sets a websession cookie and redirects back to HTTP. Because the session cookie uses the "SameSite=Strict" policy, the browser does not send it to the HTTP endpoint (which is "not same site" as HTTPS); thus, EFT does not authenticate the HTTP request and redirects it back to the HTTPS login page.

To work around this, set one of the following advanced properties (APs):

  • Set "DisableHTTPAccountSecurity": true to not redirect to HTTPS for login (i.e., make all communications plaintext, including sending the password).
  • Set "HttpCookieSameSitePolicy": "Lax" to redirect to HTTPS for login, redirect back to HTTP after login, and allow the browser to send the websession cookie to HTTP (i.e., make all communications plaintext except for login).
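
The loop and the effect of each workaround can be traced with a small model of the browser and server decisions described above. This is an added example, not Globalscape code: the host name, the paths, the default property values and the simplified same-site test (scheme plus host) are assumptions made for illustration.

```javascript
// Added illustration, not EFT code. Host name and paths are constructed.
const HOST = "eft.example.test";
const DEFAULTS = { DisableHTTPAccountSecurity: false, HttpCookieSameSitePolicy: "Strict" };
const CLEARTEXT = { "login-over-http": ["password", "websession"],
                    "session-over-http": ["websession"], "login-loop": [] };

// Browser model (simplified): scheme and host must both match to be same-site.
// Cross-site, a Strict cookie is withheld; a Lax cookie is still sent on a
// top-level GET navigation, which is what following a redirect produces.
function browserSendsCookie(cookie, fromUrl, toUrl) {
  if (!cookie) return false;
  const from = new URL(fromUrl), to = new URL(toUrl);
  const sameSite = from.protocol === to.protocol && from.hostname === to.hostname;
  return sameSite || cookie.sameSite === "Lax";
}

// Server model of the v8.0+ behaviour described in the article.
function serverRespond(url, hasSession, props) {
  if (new URL(url).protocol === "https:") {
    // User logs in over TLS; server sets websession and redirects back to HTTP.
    return { status: 302, location: `http://${HOST}/`,
             setCookie: { name: "websession", sameSite: props.HttpCookieSameSitePolicy } };
  }
  if (hasSession) return { status: 200, outcome: "session-over-http" };
  if (props.DisableHTTPAccountSecurity) return { status: 200, outcome: "login-over-http" };
  return { status: 302, location: `https://${HOST}/login` };
}

// Follow redirects from an initial HTTP request; the user logs in whenever asked.
function simulate(overrides = {}, maxHops = 8) {
  const props = { ...DEFAULTS, ...overrides };
  let prev = `http://${HOST}/`, url = prev, cookie = null, outcome = "login-loop";
  const trace = [];
  for (let hop = 0; hop < maxHops && outcome === "login-loop"; hop++) {
    const sent = browserSendsCookie(cookie, prev, url);
    const res = serverRespond(url, sent, props);
    trace.push(`${url} cookie-sent=${sent} -> ${res.status}`);
    if (res.setCookie) cookie = res.setCookie;
    if (res.status === 200) outcome = res.outcome;
    prev = url; url = res.location;
  }
  return { outcome, cleartext: CLEARTEXT[outcome], trace };
}

for (const o of [{}, { HttpCookieSameSitePolicy: "Lax" }, { DisableHTTPAccountSecurity: true }]) {
  const r = simulate(o);
  console.log(JSON.stringify(o), "=>", r.outcome, "| cleartext:", r.cleartext.join(", ") || "none");
}
```

The `cleartext` field lists what crosses the network unencrypted under each setting, which is the trade-off to weigh before applying either workaround.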

In v5.1 or if your HSM has expired, create the following key:

32-bit:

HKEY_LOCAL_MACHINE\Software\GlobalSCAPE Inc.\EFT Server 3.0\

64-bit:

HKEY_LOCAL_MACHINE\Software\WOW6432Node\GlobalSCAPE Inc.\EFT Server 3.0\

Create the DWORD RedirectHTTPtoHTTPS and set it to a non-zero value.

When set to a non-zero value, all traffic coming to the HTTP port is redirected to the HTTPS port using the HTTP protocol (header redirection).


The HTTP port will be LISTENING even if the check box is OFF for that protocol, including through DMZ Gateway.


Details
Last Modified: 9 Months Ago
Last Modified By: kmarsh
Type: HOWTO