400 The Plain Http Request Was Sent To Https Port

This article discusses a potential security incident involving an HTTP request being redirected to HTTPS (HTTPS Port) by Cloudflare.

Symptoms of the Incident

The incident occurred when a user accessed a sensitive resource on a public cloud platform using an HTTP request instead of HTTPS. The same user was redirected to the HTTPS port without any indication that their traffic had been altered.

Cloudflare Configurations

In this section, we will discuss how Cloudflare configurations can be exploited to redirect HTTP requests to HTTPS. In 2014, the law firm Summerschool highlighted an incident where a user's request was redirected to the HTTPS port.

Security Implications

A potential security implication of this incident is that it highlights the importance of monitoring Cloudflare configurations and ensuring that users are accessing resources through HTTPS. If a user's request is being redirected to the HTTPS port, they may be exposing themselves to security risks.

https://conferences.law.stanford.edu/ipsummerschool2022/2014/01/21/ac-pulvinar-turpis-scelerisque-2-3