Redirecting luci from 443/https to 80/http

This is in my /etc/config/firewall:

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Luci always 80'
        option src 'lan'
        option src_dport '443'
        option dest_ip '192.168.2.1'
        option dest_port '80'

However when I try to access https://192.168.2.1 I am not redirected to 80? Is my firewall rule wrong or is that something the browser just will not accept?

You're not passing any fw, the rule won't kick in.

Why not simply have uhttpd bind to port 80 too?

1 Like

Unless you actually run an HTTPS-enabled server instance on port 80, this will not work. The server listening for plaintext HTTP on port 80 will receive TLS-encrypted binary data due to the firewall port redirection and is unable to handle it.

The only way to implement an HTTPS:443 to HTTP:80 redirection is having an actual HTTPS-enabled server listening on 443 which responds with an HTTP redirect to port 80.

What is the actual problem you’re trying to solve with this?

4 Likes
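Why the port redirect cannot work, as an added example that is not part of the original posts: a TLS client is connected straight to a plaintext listener on a loopback port, which is what the DNAT rule does to the browser's connection. The listener is a constructed stand-in for a plain-HTTP server on port 80, and the function names are illustrative.

```python
import socket
import ssl
import threading


def plaintext_listener(srv, seen):
    """Stand-in for a plain-HTTP server: record what arrives, answer in HTTP."""
    conn, _ = srv.accept()
    with conn:
        seen.append(conn.recv(4096))
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")


def https_client_to_plain_port():
    """Return (first bytes the listener saw, error raised on the client side)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral loopback port (constructed setup)
    srv.listen(1)
    seen = []
    worker = threading.Thread(target=plaintext_listener, args=(srv, seen))
    worker.start()

    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # irrelevant here: no certificate is ever sent

    error = None
    raw = socket.create_connection(srv.getsockname(), timeout=5)
    try:
        ctx.wrap_socket(raw)  # sends a ClientHello and waits for a ServerHello
    except OSError as exc:    # ssl.SSLError is a subclass of OSError
        error = exc
    finally:
        raw.close()
    worker.join()
    srv.close()
    return seen[0], error


if __name__ == "__main__":
    first, err = https_client_to_plain_port()
    # 0x16 is the TLS handshake record type, not the start of an HTTP request line
    print("listener received:", first[:5].hex(), "...")
    print("client handshake failed with:", repr(err))
```

The listener never sees an HTTP request it could answer with a redirect, and the client aborts the handshake before any HTTP response would be interpreted.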

If you want to control this kind of traffic with firewall rules you will need to start by setting lan zone input to reject.
But for general information, that will come with a big bunch of other rules to get anything working on LAN!

Have you simply tried to change uhttpd https listening port to 0.0.0.0:80 and remove the http listening port?

Well, I assign a custom name to my router and when I start writing it into the browser's address field, it would automatically prefer the https version, which would then pester me about exceptions.

An alternative solution was to just delete the https version from my browser's history - now the browser suggests only the http version.

uhttpd actually listens both on 80 and 443 (I guess I could turn it off on 443). The solution by jow is feasible but not really needed, thanks for it though!

You can always generate a public cert using ACME.

1 Like

Just delete both https listeners from /etc/config/uhttpd and you are set. Web redirect cannot be achieved by firewall rules ever.

1 Like
