How to disable HTTP port?

[Tokay]

Does it possible to disable HTTP port of UniGUI? I need only HTTPS enabled, not both ports.

[Ron]

If you want to close port 80 totally, you can do it on the server's firewall.

If not, you can redirect port 80 calls to the SSL port if you run the app as a DLL, e.g for apache:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] 

I'm sure you can do the same thing for IIS.

[M.Ammar]

hi

If for IIS  you can use URL Rewrite to do it

first you have to download it and install it on your IIS Server, It is an extension from Microsoft for IIS

https://www.iis.net/downloads/microsoft/url-rewrite

you can find many videos on how to use it or flow these steps

https://www.namecheap.com/support/knowledgebase/article.aspx/9953/38/iis-redirect-http-to-https

regards

[Tokay]

Up. I want to do it on the UniGUI side, I don't want to set any dummy port for later disable it

It has very simple solution (when sources is accessible, but we unfortunatelly has no sources, and have to bother support).

Just bind one port and use same port for https connections and that's all:

 IdHTTPServer1.Bindings.Add.Port := HTTPPort;

procedure TWebDataModule.IdHTTPServer1QuerySSLPort(APort: word; var VUseSSL: boolean);
begin
 VUseSSL := APort = HTTPPort;
end;
 

That's all.

[irigsoft]

Hello, look here

 

[andyhill]

Server Options

soAutoRedirectHttps

[Tokay]

11 hours ago, andyhill said:

Server Options

soAutoRedirectHttps

Thanks all for reply. Does this option needs only one port? If no, then it's wrong solution for me. I need to open only one port, not both for http and https.

[irigsoft]

25 minutes ago, Tokay said:

Thanks all for reply. Does this option needs only one port? If no, then it's wrong solution for me. I need to open only one port, not both for http and https.

Hello, Can You explain more of Your needs?

You want to disable port or just redirect to https ?

Your examples with Indy are equivalent to soAutoRedirectHttps = True

[irigsoft]

.

 

[Tokay]

3 hours ago, irigsoft said:

Hello, Can You explain more of Your needs?

You want to disable port or just redirect to https ?

Your examples with Indy are equivalent to soAutoRedirectHttps = True

I need only one listened port with https connection on it.

[andyhill]

ServerModule
UniGUIServerModuleBeforeInit

// Remove Default Project HTTP Port
Bindings.BeginUpdate;
Bindings.Clear;
Bindings.EndUpdate;

// Add HTTPS port
SSL.SSLBindings.BeginUpdate;
SSL.SSLBindings.Clear;
with SSL.SSLBindings.Add do begin
  IP:= BindToSslIP;
  Port:= SslPort;
  BroadcastEnabled:= True;
end;
SSL.SSLBindings.EndUpdate;
 

[Tokay]

I'll try, thank you!

[Tokay]

Unfortunatelly your solution doesn't works here. Software shows message 

[Window Title]
Test

[Content]
Could not bind socket.

[OK]

And application closed.

[Hayri ASLAN]

Hello

Do you want to disable http port completely or you want redirect users visited "http://yoursite" to "https://yoursite" ?

[andyhill]

"Could not bind socket"

You must use a valid BindToSslIP and SslPort, try

127.0.0.1

443

 

[Tokay]

14 hours ago, Hayri ASLAN said:

Hello

Do you want to disable http port completely or you want redirect users visited "http://yoursite" to "https://yoursite" ?

I want to disable (even don't bind) any http port. Bind any one port for https and that all.

It definitely possible in the Indy library, our 'main' web works well in such mode.

[Tokay]

Up

[Tokay]

Up

[irigsoft]

On 7/21/2021 at 10:00 AM, Tokay said:

I want to disable (even don't bind) any http port. Bind any one port for https and that all.

Hello, I am sorry but I can't understand what You really want.

I am very interested in security and I want to know what the problem is. Have you tried my suggestion using UniGUIServerModuleHTTPCommand or UniGUIMainModuleHandleRequest, you can ignore all http ports, just check for data in UniSession.ARequest.Referer

If You just disable request from http:// ?

 like this on UniGUIMainModuleHandleRequest:

 

if (UniSession.ARequest.URI = '/HandleEvent')
then begin
        //redirect to https
     If POS (''http://', UniSession.ARequest.Referer) > 0 then begin

        UniSession.AResponse.ResponseNo := 308;
        UniSession.AResponse.ResponseText := 'redirected';
        UniSession.TerminateAfterSecs(2);

        //redirect to https
        //RedirectURL := StringReplace(RedirectURL, 'http://', 'https://', [rfIgnoreCase]);
        UniSession.UrlRedirect (RedirectURL);
    end;

[Tokay]

Issue is not about the security, but about ports binding. It's more convenient to bind only one port for us.

[irigsoft]

11 minutes ago, Tokay said:

Issue is not about the security, but about ports binding. It's more convenient to bind only one port for us.

Can You give me some example (code or some image) ?

[irigsoft]

@tokay is that what You want

"I have hosted my site on TCP port 91. Is there a way to bind their SSL certificate on that same port 91?
I'm interpreting this question as "I'm running my site on http://www.mysite.example:91/ and I also want to run it for HTTPS at https://www.mysite.example:91/" (in which case it's not a duplicate of Multiple SSL domains on the same IP address and same port?, as temporarily marked)."

 

from here : https://serverfault.com/questions/342246/how-to-bind-website-and-its-ssl-version-using-the-same-port 

[Tokay]

I've finally found solution in the manual: 'The next parameter to confgure is the SSL port. You can leave it to its default value of 0. In this case you can access your server through the port configured in ServerModule -> Port which is 8077 by default.'. Sorry for annoyance.