Translation port causing Error 400: Reason: You're speaking plain HTTP to an SSL-enabled server port

Question

A port translation is configured on a firewall with public address to redirect an https request from https://customdomain.fr:8443 to https://localIP-apache-server .

The translation works well and the index.php page is displayed correctly.

When i authenticate to the portal, the url is changed to http instead of https, and the following message appears:

Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.

If i replace http by https, the page is correctly displayed.

I use a wamp server. In my httpd.conf there is 2 VirtualhHost, one for port 80, and one for port 443. Both port are listened. I tried to enable a RewriteRule in httpd.conf in VirtualHost 443:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule "^/?(.*)" "https://customdomain.fr:8443/$1" [L,R,NE]

But the error 400 still occurs. It seems that Apache send the Error before the request is read by the VirtualHost 443.

So I tried to set the following code before VirtualHost 443 in httpd.conf:

ErrorDocument 400  https://customdomain.fr:8443/aaa/bbb

I do not have Error 400, but the displayed page is https://customdomain.fr:8443/aaa/bbb/index.php and not another page by example https://customdomain.fr:8443/aaa/bbb/order.php

Do you know a way to display the requested page using ErrorDocument or another way to solve my issue please ?

Answer 1

I found the solution: enable HSTS by adding the following code in httpd.conf:

Header always set Strict-Transport-Security "max-age=15552001; includeSubDomains;"

In this case, the browser send all requests via https adn not via http. Issue solved.