How to redirect from HTTPS to HTTP before server error?

apache-2.2 web-server .htaccess http https
41,232

Solution 1

The difference between http and https is that https requests are sent over an ssl-encrypted connection. The ssl-encrypted connection must be established between the browser and the server before the browser sends the http request.

Https requests are in fact http requests that are sent over an ssl encrypted connection. If the server rejects to establish an ssl encrypted connection then the browser will have no connection to send the request over. The browser and the server will have no way of talking to each other. The browser will not be able to send the url that it wants to access and the server will not be able to respond with a redirect to another url.

So this is not possible. If you want to respond to https links, then you need an ssl certificate.

Solution 2

No, if it were possible to redirect from https to http without a real certificate, it would be a major security flaw.

Consider a criminal somehow being able to make the bank secure server redirect to an insecure connection without needing a real https certificate for the site, it would allow the criminal to hijack the connection without the user knowing about it.

The only solution I can see is to get a cheap certificate and then do a normal redirect from the HTTPS site (which the user can't reach without a valid certificate) to the regular site for those external links.

Share:
41,232

Related videos on Youtube

user981178
Author by

user981178

Updated on September 18, 2022

Comments

  • user981178
    user981178 over 1 year

    I used to operate a website with an SSL certificate, but have stopped using the SSL certificate. The problem is that most of the external links to the website use the https:// prefix.

    I have tried the https:// to http:// redirect in the .htaccess file:

    RewriteEngine On

RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI}

    But it seems, as has been pointed out elsewhere, that the server is trying to retrieve the certificate before activating the redirect. Hence, an error is shown before the redirect is ever accomplished. The error is either a warning that the certificate is expired, or if I delete the certificate signing request, then an error that SSL received a record that exceeded the maximum permissible length.

    Is there any way to allow the incoming links to be redirected properly?

    • Admin
      Admin over 11 years
      It does seem that this may be difficult achieve. It is a real bummer to lose the links built up around the internet, and worse, for visitors to think the site has been compromised or disappeared.
    • Admin
      Admin about 3 years
      As the answers below have pointed out, you can't do the https -> http redirect without the correct cert. However, as the website owner, you can get a proper cert from somewhere like "let's encrypt". letsencrypt.org/getting-started
  • Admin
    Admin over 11 years
    Thanks for the suggestion. Even with this in the .htaccess, it is not using the page I enter for the 500 error for this particular error. It seems that, perhaps, nothing in the .htaccess is being activated because of the initial error.
  • Admin
    Admin over 11 years
    Right, it is better this way. Too bad there is not some way to setup an approved override as the site owner.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Redirect only one folder to HTTPS, all others to HTTP
mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
Apache, ISPConfig3 & https to http redirection bug
Apache stops responding to http requests -- https continues to work
Protected Apache web sub-directory asks for password twice
Redirect HTTPS to HTTP except for specific URL
How to redirect example.com from HTTPS to HTTP, then HTTP example.com to newdomain.com?
Apache: Allow only certain http requests, deny all else
How multiple <Directory> sections work in Apache configuration (httpd.conf)?
.htaccess redirect all extension to php