How do I give a Connection Reset error to the user if the user accesses the website like http://example.com:443, instead of giving the following error:
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
The above error is provided by Apache to the user, which I do not want. I instead just want to stop the connection, and not give a text response. Is this possible? It should be, because many websites have this feature. Thanks in advance. (Also, I couldn’t try anything myself because I don’t have any clue about how this works, so that I can implement it myself if I can).
Similar in a way, but doesn’t answer my question anyways: Serving port 443 over http creates 400 Bad Request Error instead of redirect, but mentioned: “If you try such requests with other servers then they would either close the connection without any error at all or just hang because they are still hoping to get a TLS handshake from the client”, so my question is on how to close the connection if the user accesses http://example.com:443.
Just in case:
Please note that I want to close the connection when a user accesses port 443 on http:// instead of https://. I don’t want Apache to display the Bad Request message. I want to close the connection because it is mentioned that it is not possible to redirect 443 on http:// to https://. If there is any method to do that, let me know (except for HSTS, which I am not willing to trust). I think this will be done using a firewall (not sure). I have also seen cPanel do this, but I am not using cPanel for some other purpose, so kindly don’t ask me to.
It is not possible to change the 400 bad request page unless you modify Apache’s source code, so a redirect from http to https there will not be possible. I don’t think I am permitted to modify Apache’s source code.
I also saw that running curl http://www.google.com:443 says curl: (52) Empty reply from server, so sending an empty reply should be enough to stop the connection right? I am not sure. But maybe yes, if so, how? (Don’t answer this question if there is a different method of doing the connection cut thingy).
To be clear: I am asking for something like sudo ufw deny out 443 http (might be invalid) or something.
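
The behaviour the question describes (a port-443 listener that closes without any reply when the client speaks plain HTTP) comes down to looking at the first bytes of the connection before answering. The sketch below is an added illustration, not part of the original post and not Apache or ufw configuration; the function names and the sample byte strings are constructed for the example.

```python
import socket

# Request-line prefixes that indicate plaintext HTTP on the wire.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

# Constructed sample: start of a TLS record carrying a ClientHello
# (type 0x16 = handshake, version 0x0301, 2-byte length, handshake type 0x01).
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
# Constructed sample: what http://example.com:443 puts on the wire.
SAMPLE_PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def classify_first_bytes(data):
    """Return 'tls', 'http' or 'unknown' for the first bytes a client sent."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def gate(conn):
    """Keep the connection only if it opens with a TLS handshake.

    Returns True when the bytes are left untouched for a TLS stack to read,
    False when the connection was closed without sending anything back.
    """
    first = conn.recv(8, socket.MSG_PEEK)   # look without consuming
    if classify_first_bytes(first) == "tls":
        return True
    conn.recv(65536)   # drain the request so close() ends the stream cleanly
    conn.close()       # no status line, no error page
    return False


def client_sees(request):
    """Run gate() against one end of a local socket pair.

    Returns the bytes the client receives, or None if the gate kept the
    connection open for TLS.
    """
    client, server = socket.socketpair()
    with client:
        client.sendall(request)
        if gate(server):
            server.close()
            return None
        return client.recv(1024)   # b"" means the peer closed with no reply


if __name__ == "__main__":
    print(client_sees(SAMPLE_PLAIN_HTTP))    # b''
    print(client_sees(SAMPLE_CLIENT_HELLO))  # None
```

The `b""` result for the plain HTTP request is the condition curl reports as `(52) Empty reply from server`.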