AndreiGuru
Occasional Visitor
Hello,
With the recent KRACK attacks, and lack of client updates for whatever reason, I was wondering if anyone's using a method to force the use of HTTPS. An easy-to-implement method which comes to mind is redirecting all outbound HTTP traffic through a local "service" via iptables, which would then simply reply back to the client with a 30x redirect to the HTTPS endpoint. The reason I mention "service" is because this can be done using a simple Perl script with a few lines of code vs having to install an actual web server.
I'm aware that not all sites have https support, and certain https endpoints will not use the same host as the http variant. However, I feel those inconsistencies can easily be coded around using whitelist and custom https endpoint options. For example, two options come to mind:
- Whitelisting: Giving the user the ability to whitelist http:// requests by client IP/target FQDN
- Custom mapping: For example mapping http://w.sharethis.com to https://ws.sharethis.com
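The redirect decision described in the post above, sketched as an added example (not the poster's code, and in Python rather than the Perl the post mentions): it parses the intercepted request, applies the whitelist and host mapping, and builds the 30x reply. The function name `decide`, the whitelist entry and the sample addresses are assumptions; only the sharethis mapping comes from the post.

```python
import re

# Constructed policy data; only the sharethis mapping comes from the post.
WHITELIST = {("192.168.1.50", "printer.example.lan")}  # (client IP, FQDN) left on HTTP
HOST_MAP = {"w.sharethis.com": "ws.sharethis.com"}     # http host -> https host
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")
TARGET_RE = re.compile(r"/[\x21-\x7e]*")               # no spaces or control characters

def _reply(status, headers=()):
    lines = [f"HTTP/1.1 {status}", "Content-Length: 0", "Connection: close", *headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def decide(client_ip, raw_request):
    """Return ("pass", None), ("redirect", bytes) or ("reject", bytes)."""
    try:
        head = raw_request.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        method, target, _version = request_line.split(" ")
    except ValueError:  # non-ASCII bytes or a malformed request line
        return "reject", _reply("400 Bad Request")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in header_lines)}
    host = headers.get("host", "")
    if target.lower().startswith("http://"):  # absolute-form target (proxy style)
        host, _, path = target[7:].partition("/")
        target = "/" + path
    host = host.lower().partition(":")[0]     # drop the port; IPv6 literals fail below
    # Both values end up in the Location header, so anything that could
    # smuggle a second header (bare LF, CR, spaces) is refused outright.
    if not HOST_RE.fullmatch(host) or not TARGET_RE.fullmatch(target):
        return "reject", _reply("400 Bad Request")
    if (client_ip, host) in WHITELIST:
        return "pass", None
    location = f"https://{HOST_MAP.get(host, host)}{target}"
    # 308 keeps the method and body for non-GET requests; 301 may turn them into GET.
    status = ("301 Moved Permanently" if method in ("GET", "HEAD")
              else "308 Permanent Redirect")
    return "redirect", _reply(status, [f"Location: {location}"])
```

`pass` means the caller forwards the request unchanged (not shown). The first request still crosses the network in cleartext before the client sees the redirect, so this narrows exposure rather than removing it.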