400 The Plain Http Request Was Sent To Https Port

A common practice in secure online communication is to use HTTPS (Hypertext Transfer Protocol Secure) protocol, which encrypts data transmitted between a client's browser and a web server. However, this setup also has an unintended consequence: when a request is sent from the local machine to the HTTPS port, it will be routed through the firewall or proxy, potentially exposing sensitive information.

For instance, if you're using port forwarding to direct incoming HTTP traffic on your local machine to the HTTPS port on your server, any plain HTTP requests made by a client attempting to connect to the server via HTTPS will have their request sent directly over the public internet. This makes them vulnerable to eavesdropping and tampering.

Why is this a problem?

In today's digital landscape, cybersecurity threats are becoming increasingly sophisticated. By default, most firewalls and proxies block incoming traffic by default unless explicitly configured otherwise. This means that even if you're using the latest security software, your firewall may still be blocking plain HTTP requests from the HTTPS port.

Solutions to mitigate this risk

There are several solutions to address this issue:

• Use a VPN (Virtual Private Network): A Virtual Private Network (VPN) can encrypt and tunnel your traffic through the internet, protecting it from eavesdropping and tampering.
• Configure your firewall to allow HTTPS traffic: Check with your system administrator to see if there are any settings that allow you to directly connect a local machine to an HTTPS port on a server.
• Use a proxy tunneling protocol like Tor: Proxy tunneling protocols, such as Tor, can encrypt and route traffic through multiple proxies, making it more difficult for attackers to intercept sensitive information.

https://conferences.law.stanford.edu/ipsummerschool2022/2014/01/21/purus-rhoncus-et-lundium-2