Community discussions

MikroTik App
 
bonnecomm
newbie
Topic Author
Posts: 38
Joined: Sat May 30, 2009 8:29 am

Redirect HTTPS nicely

Wed Dec 08, 2021 12:56 am

I have client addresses mapped to 172.20.100.0/22. Every now and again, I want to redirect them, one at a time, to a server where they'll be asked to update their information. That server is at 172.21.100.4
As an example, I have
/ip firewall nat chain=dstnat src-address=172.20.100.8 action=dst-nat to-addresses=172.21.100.4 protocol=tcp dst-port=80,443

This mostly works. But in the browser, if I go to say https://bing.com, I get an invalid certificate error which makes sense since the certificate is for the server at 172.21.100.4 and not for bing.com and FireFox for one does not allow me to proceed at all. Some other browsers do but it's very messy. I'd like to make it cleaner, to just get to the site. Any suggestions?
 
sid5632
Long time Member
Long time Member
Posts: 553
Joined: Fri Feb 17, 2017 6:05 pm

Re: Redirect HTTPS nicely

Wed Dec 08, 2021 1:03 am

You can't redirect HTTPS 'nicely'. That's the whole point of it. It tells you when something dodgy is going on.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect HTTPS nicely

Wed Dec 08, 2021 1:34 am

Look at it from the other side, do you want someone else to have ability to hijack your connection and redirect it to different server? For example when accessing your bank? The answer is no. You may not need it for something bad, but others surely would. So that's exactly what https prevents, and no exception exists, because it would be abused. There's no clean way how to redirect https. Closest to it would be what hotspot does. It also tries to do MITM, but in a way that browser or OS should detect it and redirect user to login page.

Who is online

Users browsing this forum: No registered users and 25 guests