Redirect http to https
  •  
calvarez

Messages: 7

Karma: 0
I would like users to always be forced to use the secure web access version, however I can envision them forgetting about it and just putting in the address without https. Is there a way to redirect the http connection to https on the Kerio server? I'm running it on Windows if that matters.
  •  
marook

Messages: 520

Karma: 3
If you have Kerio open to both ports, you can enable the Security Policy (Configuration → Advanced Options section in the Security policy tab) and Require Secure Auth. This also ups the requirements for other protocols for Clients, so read the Admin Guide, pages 138-139.

Another option is to shut Kerio on port 80, and use another HTTP service (like Apache) to do the redirect.
In Apache, you would make a RedirectMatch with Pattern = ^/(.*) and Path = https://your.server.name/$1

Hope it helps,

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
martin@dicom.se

Messages: 3
Karma: 0
Isn't updating Kerio WS going to be a problem if you shut down or move port 80?
  •  
blswjames

Messages: 77
Karma: 0
This behavior (of redirecting http to https) seems to have disappeared in the current version, and the option seems to have been removed from the admin interface. Any reason for this?

Seems like an odd thing to have taken out, especially since doing so opens up some security concerns.

UPDATE:
Also, I've noticed that if you connect via http (unsecured), and download the setup assistant in order to configure your workstation, that the setup assistant will configure the account to not use HTTPS. I've had to go back in and reset correct settings on a few workstations as a result.

[Updated on: Fri, 30 May 2014 21:42]

  •  
Maerad

Messages: 158
Karma: 31
I


blswjames wrote on Fri, 30 May 2014 21:35
This behavior (of redirecting http to https) seems to have disappeared in the current version, and the option seems to have been removed from the admin interface. Any reason for this?

Seems like an odd thing to have taken out, especially since doing so opens up some security concerns.

UPDATE:
Also, I've noticed that if you connect via http (unsecured), and download the setup assistant in order to configure your workstation, that the setup assistant will configure the account to not use HTTPS. I've had to go back in and reset correct settings on a few workstations as a result.

In the security settings there is an option to enforce secure auth. Also, there is a setting to allow unsecure connections for clients in a specific area. Might be that's the case for you.
  •  
blswjames

Messages: 77
Karma: 0
Maerad wrote on Sat, 31 May 2014 17:39
I

In the security settings there is an option to enforce secure auth. Also, there is a setting to allow unsecure connections for clients in a specific area. Might be that's the case for you.


No, this setting you speak of has nothing to do with the web authentication.

The enforce secure auth feature in the security section does not affect the web sessions. We use that feature also, as we require secure auth for IMAP/SMTP clients that are not on the local network. (And we disable it for specific trusted clients that do not support authentication, such as automated email notifications from our FTP server, etc.)

There used to be an option to specifically force web sessions that initiated on port 80 to be redirected to SSL port 443. As of the current release this option has disappeared, and the behavior that it provided has also. So now when our users just type in the URL of the mail server they are getting non-encrypted sessions by default and have no way to know that it's wrong. And, like I pointed out, it breaks the setup assistant installer also.

In all honesty, we're somewhat upset over this, as it is a very important feature to us. Why did it go away? Is this a bug? When will it come back?

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
blswjames wrote on Wed, 04 June 2014 21:42

There used to be an option to specifically force web sessions that initiated on port 80 to be redirected to SSL port 443. As of the current release this option has disappeared, and the behavior that it provided has also. So now when our users just type in the URL of the mail server they are getting non-encrypted sessions by default and have no way to know that it's wrong. And, like I pointed out, it breaks the setup assistant installer also.

In all honesty, we're somewhat upset over this, as it is a very important feature to us. Why did it go away? Is this a bug? When will it come back?



I think you're mistaken. There was no such option in Kerio Connect. Maybe you are thinking of another product?
  •  
blswjames

Messages: 77
Karma: 0
Pavel Dobry (Kerio) wrote on Wed, 04 June 2014 21:59
I think you're mistaken. There was no such option in Kerio Connect. Maybe you are thinking of another product?

Ah, yes. I was confusing it with the control panel in Workspace. (Maybe my brain categorizes blue interfaces with the green ones.) You are also correct about enabling the "require secure auth" policy, as doing so does indeed enable the redirect behavior. It also affects non-web traffic, but we can just create a more granular "trusted clients" group.

I originally landed in this thread because I was investigating a theory that the issues we are currently having with the configuration assistant might be related. We started noticing that typing in the webmail URL was going http, not https, and thought perhaps that had something to do with how the installer package gets constructed. If it always behaved this way, then we must have just overlooked it.

Thanks!

  •  
helpfinder

Messages: 1
Karma: 0
Hi there,
I am running Kerio Connect Virtual Appliance and I am not able to find a way to redirect users to HTTPS even if they browse over HTTP.
I was looking in the admin menu and also searching for an httpd.conf file, but with no success.

Any hints here?

Thanks
  •  
clan

Messages: 236
Karma: 22
We are not using the Appliance, but AFAIR all we did was set "require encrypted connection" in the Security Policy tab.
  •  
derek_500

Messages: 42
Karma: 0
In our site firewall we just don't allow port 80 through to the mailserver at all. We have always instructed people to make sure they have entered the S in https and fully typed "https://mailserver.example.com" to get through. If somebody doesn't put the 's', or for some reason types http, nothing happens for them. Once they bookmark it with the 's' it doesn't affect them much anymore.
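
The thread describes three outcomes for a plain-HTTP request to the mail server: redirected to HTTPS (Require Secure Auth, or a front-end RedirectMatch), blocked at the firewall, or silently served unencrypted. The following check tells them apart; it is an added example, not code from any poster or from Kerio, and the function names and result labels are assumptions made for illustration.

```python
"""Check how a mail host answers plain HTTP: redirect to HTTPS, blocked, or cleartext."""
import http.client
import socket
from urllib.parse import urlsplit


def classify_response(host, status, location):
    """Judge one plain-HTTP response (status code, Location header) for `host`."""
    if status in (301, 302, 303, 307, 308) and location:
        target = urlsplit(location)
        if target.scheme == "https" and target.hostname == host.lower():
            return "redirects-to-https"
        if target.scheme == "https":
            # TLS, but on a different name than the one the user typed.
            return "redirects-to-other-host"
        # Relative or http:// redirect: the session stays unencrypted.
        return "redirects-without-tls"
    # Any other answer means content was served over port 80 as-is.
    return "served-in-cleartext"


def check_plain_http(host, port=80, path="/", timeout=5):
    """Send one GET over plain HTTP, without following redirects, and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_response(host, resp.status, resp.getheader("Location"))
    except (ConnectionRefusedError, socket.timeout, TimeoutError):
        # Port 80 closed or filtered, as in the firewall approach.
        return "blocked"
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    # Usage: python check_http.py mailserver.example.com [more hosts...]
    for name in sys.argv[1:]:
        print(name, check_plain_http(name))
```

A result of `served-in-cleartext` or `redirects-without-tls` is the case blswjames describes, where users who type the bare URL get an unencrypted session.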