App answers on HTTP calls, should only be HTTPS

Egil_Helland · January 16, 2024, 3:54pm

I have had 2 users today report that they get security warnings, and I think this is due to them doing HTTP requests, not HTTPS. Don’t know how they got there, but these are the screenshots I have received:

Not sure if this is related to something in Backendless returning HTTP instead of HTTPS for some reason, but I just tried to visit the solution using plain HTTP, and that works but of course give warnings.

Can I turn off the use of HTTP somehow? So that I only get secure traffic?
Is there a way to identify if anything in Backendless return HTTP requests, and redirect them to HTTPS or terminate them?

This is for App ID# DFF48C1B-107F-426C-B45A-5141767DE217, url app.dynamicrelations.no

Egil_Helland · January 17, 2024, 8:25am

Does anyone know if there is a way to block or redirect HTTP calls to HTTPS? I don’t want my app to answer or handle HTTP requests at all, but would like to redirect them to HTTPS if some browser is trying to reach out without secure tunneling.

Bohdan_Vynarchuk · January 17, 2024, 8:58am

Hi @Egil_Helland ,

We are looking into your problem. We will notify you when it will be ready.

Regards,
Bohdan

Bohdan_Vynarchuk · January 17, 2024, 11:32am

@Egil_Helland,

Redirect from HTTP to HTTPS for domain app.dynamicrelations.no was enabled. Could you kindly let us know whether it works for you?

Regards,
Bohdan

Egil_Helland · January 17, 2024, 8:17pm

Yes, that redirect from HTTP to HTTPS works like a charm now! Thanks.

Is this something I should ask for or do something to get on other future apps as well btw?

mark-piller · January 17, 2024, 10:13pm

Yes, please ask, and we will be happy to make the configuration changes on our side.

Regards,
Mark

Louis · February 7, 2024, 7:06pm

Hey Backendless team, we have just added our custom domain streettt.com but we are getting the same issue, please can you redirect to https for this domain?

mark-piller · February 7, 2024, 7:11pm

Hi Louis,

I opened an internal ticket to configure a permanent HTTP to HTTPS redirect for your domain on our side. You will be notified as soon as it is done.

Regards,
Mark

Louis · February 7, 2024, 7:11pm

Cheers, thanks Mark

mark-piller · February 7, 2024, 7:43pm

Hi Louis,

Could you please disable DNSSEC for the domain? It prevents us from using a certificate for you.

Regards,
Mark

Louis · February 7, 2024, 10:49pm

DNSSEC is now disabled