Hi,
Here’s my web proxy rule:
> /ip proxy access add dst-host=example.com action=deny redirect-to="https://example2.com"
If the web proxy rule hits, I got redirect to http://https//example2.com. Is it possible to redirect to https url?
Thanks
Hi! I think that proxy won’t work with HTTPS, it can break all of the security stuffs behind HTTPs and its probably that your browser detects a false positive man-in-the-middle attack.
such redirects should be done by the server, not a router
Thank you for your reply, but could you please explain this.
Mikrotik Web Proxy can hande http redirects.
$ curl -sD - -o /dev/null http://example.com # not the real hosts there, they are just for example
HTTP/1.0 307 Temporary Redirect
Content-Length: 0
Content-Type: text/html
Date: Sat, 12 May 2018 15:05:27 GMT
Expires: Sat, 12 May 2018 15:05:27 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Location: http://example2.com
But why it can’t handle https redirects? Looks like all we need here, it’s set “Location” header to proper url:
...
Location: https://example2.com
But what I get instead:
...
Location: http://https//example2.com
Why is the proxy (Mikrotik HttpProxy) forces http even if https scheme specified?
Thanks
Hi,
+1
I encounter the same issue, I have a redirect rule in the web proxy, in order to catch all HTTP requests (from a Redirect DNAT Rule on TCP/80), and ask the browser to redirect to my web portal (HTTPS URL). The redirect To URL starts with https://, but the Web Proxy adds http:// before the url, which leads to http://https//whatever.
I’ve found some tutorials and presentations on the web, where a redirection on a https:// is working, so I suspect we have a regression somewhere. I’m pretty sure I was able to redirect to https:// some years ago on different setups.
Regards
A redirect is a redirect. Whatever is the URL. The router only sends a redirect message (307) to the client. The client is responsible of the execution of the redirection, not the router. We should be able to specify any URL scheme in the Redirect To field, like in any other web proxy or web server.
I really don’t think that would work redirections to https are done by webservers because they tell the browser to start talking ssl over XXX port, if you do a redirect on the router you are just changing the packet data the browser doesn’t know and will continue like if it were an http connection, Possible solution run an http webserver and on the router redirect the client to it over http and then make the webserver redirect the client to https. i’am sure this is not the best solution for this but its all that comes to mind.
A redirection to the target URL (HTTPS or not) is performed by the client (browser…) not the web server, not the proxy.
The 307 redirection packet is only here to tell the client where to go. On a browser, the URL in the address bar is fully rewritten, so there is no issue about ssl domains or whatever.. just potential warning if the site is mixing HTTP and non HTTPS content from different domains which is bad.
So yes, the only solution today is to host another proxy or web server externaly to make a HTTP redirect with a HTTPS location… or wait for Mikrotik to allow any scheme in the Redirect To field. If no scheme, then silently add ‘http://’ to allow backward compatibility.
now it works you can redirect a single page to HTPS by adding https://example.com.
But it doesn’t work with variables like in squid 
My friend Google didn’t tell anything about it