Clients often send plain HTTP requests to HTTPS ports, which may lead to security issues. When a client sends a request over the internet, it can be intercepted by an attacker, who can then use the sensitive data for malicious purposes.
According to the Porta Est Nascetur Proin 3 presentation, "HTTP over HTTPS is only recommended when necessary". However, many organizations still use plain HTTP requests to their advantage. If your website uses a third-party library or an external API, it's possible that they are sending plain HTTP requests to HTTPS ports.
The primary reason clients send plain HTTP requests over an HTTPS port is the encryption provided by the SSL/TLS protocol. When a client establishes an encrypted connection with a server using HTTPS, it can be more secure than sending plain HTTP requests. However, this also means that any data transmitted between the client and server cannot be easily intercepted or decrypted by an attacker.
One potential issue with clients sending plain HTTP requests over an HTTPS port is the lack of visibility into network traffic. If your website uses a third-party library or external API, it may be sending plain HTTP requests to the internet, making it difficult for you to monitor and secure your application.
To avoid these potential issues, follow best practices such as using a proxy server or a load balancer to inspect and filter incoming network traffic. You should also regularly review your website's network configuration and ensure that all necessary connections are established.
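The inspection step described above can be sketched as a check on the first bytes a client sends to the HTTPS port. This is an added example, not code from the original page; the function names, the sample connections and the host `shop.example` are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.0|1.1
REQUEST_LINE = re.compile(rb"^([A-Z]{3,10}) (\S+) HTTP/1\.[01]\r?\n")
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization"}

def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'plain_http' or 'unknown' for a connection's first bytes."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x00-0x04,
    # two length bytes, then handshake message type 0x01 (ClientHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01):
        return "tls"
    if REQUEST_LINE.match(data):
        return "plain_http"
    return "unknown"

def cleartext_exposure(data: bytes) -> dict:
    """List what a plaintext request already put on the wire (header names only)."""
    m = REQUEST_LINE.match(data)
    if not m:
        return {}
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {
        "method": m.group(1).decode(),
        "target": m.group(2).decode("latin-1"),
        "host": headers.get("host"),
        "sensitive_headers": sorted(SENSITIVE_HEADERS & headers.keys()),
    }

# Constructed sample data: first bytes of three connections to port 443.
SAMPLES = {
    "client-a": bytes.fromhex("16030100c8010000c40303"),  # TLS ClientHello prefix
    "client-b": (b"POST /api/login HTTP/1.1\r\nHost: shop.example\r\n"
                 b"Cookie: session=REDACTED\r\n\r\nuser=alice"),
    "client-c": b"\x00\x01\x02\x03\x04\x05\x06",
}

def triage(samples: dict) -> dict:
    """Map each client to (classification, exposure details if plaintext)."""
    return {name: (classify_first_bytes(d), cleartext_exposure(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (kind, exposure) in triage(SAMPLES).items():
        print(name, kind, exposure)
```

A connection classified as `plain_http` has already sent its request line, headers and body unencrypted, so the client configuration needs fixing even if the server rejects the request.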
https://conferences.law.stanford.edu/ipsummerschool2022/2014/01/21/porta-est-nascetur-proin-3