<div dir="ltr">The problem you will run into here is that the web browser does not know it needs to use TLS, so it will try to send a plain HTTP request, and Apache will return the Bad Request, since *it* is expecting to receive HTTPS.<br>
<div class="gmail_extra"><br><br clear="all"><div><div dir="ltr"><div>❧ Brian Mathis<br></div>@orev<br></div></div>
<br><br><div class="gmail_quote">On Fri, May 16, 2014 at 4:36 PM, Adrya Stembridge <span dir="ltr">&lt;<a href="mailto:adrya.stembridge@gmail.com" target="_blank">adrya.stembridge@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Quick follow-up. Is there a way in iptables to redirect traffic from non-ssl to ssl (such as 80 to 443)? I'm already handling this with Apache, but wondered if I could safely cut off all non-encrypted traffic this way, or if this even makes sense.<br>
<br>I'm getting Bad Request after adding <div>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 443<br></div><div>and accessing content over http. </div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Fri, May 16, 2014 at 3:00 PM, Jim Kinney <span dir="ltr">&lt;<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>yep! blocking the gateway will do that as well :-)<br><br></div>Glad it's working.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div>On Fri, May 16, 2014 at 2:51 PM, Adrya Stembridge <span dir="ltr">&lt;<a href="mailto:adrya.stembridge@gmail.com" target="_blank">adrya.stembridge@gmail.com</a>&gt;</span> wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="ltr"><div class="gmail_extra">Got it sorted out and feel like a total newb for not seeing this earlier. I only obtain content from a single external machine. Once I added that machine's IP to the INPUT ruleset, my system is able to reach/retrieve info as before. <br>
<br>Thanks for the help. </div></div>
<br></div><div>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></div></blockquote></div><div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></i></div>
</div></div>
<br></blockquote></div><br></div>
<br></blockquote></div><br></div></div>
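<div>Added example, not part of the original thread: a simplified Python model of the point in Brian Mathis's reply. The REDIRECT rule changes only the destination port, so the TLS listener on 443 still receives a plaintext HTTP request line where it expects a ClientHello. The sample bytes and the function names are constructed for illustration.</div>

```python
import struct

HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH")

# Constructed sample inputs (not captured traffic).
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"  # record header + start of ClientHello


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
    if len(data) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        # 22 = handshake record; major version 3 covers SSL 3.0 through TLS 1.3;
        # the first handshake message a client sends is ClientHello (type 1).
        if ctype == 22 and major == 3 and minor <= 4 and 0 < length <= 16384 and data[5] == 1:
            return "tls-client-hello"
    # HTTP/1.x request line: METHOD SP target SP HTTP/1.x
    line = data.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "plaintext-http"
    return "unknown"


def outcome(dport: int, payload: bytes, redirect: bool) -> str:
    """Simplified model (assumption): port 443 is a TLS listener, port 80 a plain HTTP one."""
    # The NAT REDIRECT rule from the thread rewrites the port and nothing else:
    # the payload the client already decided to send is delivered unchanged.
    port = 443 if redirect and dport == 80 else dport
    kind = classify_first_bytes(payload)
    if port == 443:
        if kind == "tls-client-hello":
            return "TLS handshake proceeds"
        # Plain HTTP arriving at the TLS port is the Bad Request seen in the thread.
        return "400 Bad Request" if kind == "plaintext-http" else "connection rejected"
    if port == 80 and kind == "plaintext-http":
        return "HTTP request served"  # the web server can answer with its own redirect to https
    return "connection rejected"


if __name__ == "__main__":
    print("http:// with REDIRECT rule:   ", outcome(80, SAMPLE_HTTP, redirect=True))
    print("http:// without REDIRECT rule:", outcome(80, SAMPLE_HTTP, redirect=False))
    print("https:// request:             ", outcome(443, SAMPLE_CLIENT_HELLO, redirect=True))
```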