URL address conversion

RouterOS Beginner Basics
1

Hello members of this forum,
I would like to ask you about thing which I exactly don´t know, if it is possible to realize with Mikrotik routers.
I need the conversion of the address - please, see this example:

https://www.exampleaddress.com/index3.html >> CONVERSION >> http://www.exampleaddress.com/index3.html

As you can see, I just need simple removing of “s” from “https”, that is all.
Is this possible, please?
Thank you in advance for your answer.
Regards Martin

2

Hello ManOLCZ!

I am not sure about what do you need.
Do you need that when a user inside your LAN, write this url (outside your LAN, somewhere in Internet), they will be redirected in port 80 instead 443?
Maybe creating a dst-nat, only changing the port, from 443 to 80, but I am not sure if this will work.

Regards,
Damián

3

Forcing (tricking?) someone to non secure connection ?

:open_mouth:

4

That can’t work. Browser expects to talk HTTP over SSL when URL entered starts with https:// and the remote port number is of the least concern here. Port 443 is merely default port for that particular protocol. Trying to use URL https://www.exampleaddress.com**:80**/index3.html is exactly the same you proposed above and almost certainly doesn’t work because servers generally expect clients connecting to port 80 to speak plain text HTTP.

5

You are right, I didnt reallice

6

What happen if the site has http and https?

7

My explanation still holds true. http (unencrypted) works over port 80 and https (encrypted) works over port 443. I don’t think it’s possible to configure any of popular web servers to serve both http and https over same port (but I might be wrong).

What many sites now do is that they accept un-encrypted connection to port 80 and send back a redirect to https site. Then browser makes proper https connection (to same site but) to port 443 requesting page over encrypted connection.

As there’s no mechanism for client to verify that it’s talking to correct http server, it is possible to redirect plain text connections to some other site by any router between client and server. When client uses encrypted communication channel, it can verify server’s identity and thus it’s hard (but not entirely impossible) for some router to redirect connection elsewhere.

8

Technically it would be possible to support both on same port, but I’m not aware of any server with such option.

And for OP, no, it’s not possible. It does sound simple, just one small “s”, but it’s much more complicated. I’m not sure how much you know how these things work, but protocol in address is processed locally by browser, and it tells it to what port it should connect and how it should talk to it. Those addresses are not sent as you wrote them when browser makes a request.

Only thing that could work would be if you had transparent http proxy and if these links are part of some webpage, then it would be possible to rewrite them, so client would get html page with https links changed to http. You can’t do it with RouterOS and I don’t know if any other proxy supports it. But it would still be mostly useless, because now most pages are loaded over https, and since that is encrypted, nothing on the way can change anything.

9

First of all thank you for your feedback. The purpose is exactly what the title of this topic says.
Just remove “s” from https… string. Why? My old internet radio is not able to use https links to podcasts and i noticed, that if I just change https to http, it returns me the podcast tracklist.
But, unfortunately, returned tracklist has https for each track again. By manual removing, I am able to play the tracks. Therefore I am asking for this “strange” conversion. It seems, that the host works on https primarily, but it is able to return http requests too. I hope, that I explained it clearly. Any ideas, if possible to manage it on side of my MT? Sure,that I want to apply this rule just for one device in my network - the internet radio.
Maybe my idea is dumb, but I tried it and it works, therefore I am asking for this…

10

I am not sure about this:
Your old Internet radio is inside your LAN and all the connetions are originated outside?
What device is your internet radio?

Regards
Damián

11

Radio is inside of my LAN and I am changing it directly on that radio.
So,I have https address of the podcast, I enter the address without “s” and it returns me the tracklist, which is unplayable, because the tracks also contain https.If it helps,my radio is Noxon iRadio Cube.
Regards
Martin

12

I don’t think that ROS can do it. Only full-featured proxy servers could do it (squid-cache, apache, nginx, …) and even then there would be some work to do because contents of the reply would have to be rewritten so that radio would actually see http URLs in the play lists. And I’m not sure if that’s possible to be done. One workaround would be to fetch the most used playlists and hand edit them, then instruct proxy server to redirect fetches of playlists to your local http server …
I’m pretty sure the above could be run on a RaspberryPI.

But then it would be easier just to ditch the old internet radio and get a more modern one. If SW upgrade is not available for your old one. That would be the only future-proof sollution, I expect that availability of same audio streams over both http and https is a temporary sollution …

13

Dear Metod,
yes, now I am using the proxy server which enables using https podcasts with my old radio. I just wanted to try to find the way without using the server. As I see, unfortunately, it doesn’t seem to be possible. Or?
Regards
Martin

14

Without proxy server, no. Without another device, maybe. If your router supports Metarouter, you could use it to run proxy server there under OpenWRT. But most current RBs don’t support it, so it’s probably not the solution for you.