400: The Plain Http Request Was Sent To Https Port

HTTP is a fundamental communication standard for transferring data over the internet. When you send an HTTP request to a website, your browser or web application initiates a connection with the server using a port number. However, in certain situations, it's possible that this plain HTTP request was sent to an HTTPS port instead of the intended HTTPS port.

1. HTTPS (Hypertext Transfer Protocol Secure) is often indicated by the presence of a 's' at the end of the protocol name. If you're using a web browser or application that supports HTTPS, it will typically connect to the server on an HTTPS port (443).
2. Nginx is an open-source web server software that can be used to serve HTTP and HTTPS requests. By default, Nginx listens on port 80 for HTTP requests, but you can configure it to listen on a different port using the listen directive.

So why might this happen? There are several reasons why your plain HTTP request might be sent to an HTTPS port instead of the intended HTTPS port. One possibility is that the server-side application or framework you're using, such as PHP or Python, doesn't explicitly specify whether it should use HTTPS or not.

Why This Happens

• When a web application uses PHP to generate the HTTP request, the server may not include the 's' in the protocol name, potentially leading to an incorrect port number being used.
• In some cases, the Nginx configuration might be set up incorrectly or the server-side code might be modified to use the wrong port.

Fortunately, there are ways to troubleshoot this issue. One approach is to add an 's' to the protocol name of your HTTP request (e.g., 'https://example.com/path?query=param') and see if it redirects you to the intended HTTPS port. You can also use online tools or debugging techniques to inspect the traffic flow between your browser and server.

Solution

1. Add an 's' to the protocol name of your HTTP request (e.g., https://example.com/path?query=param)
2. Use online tools or debugging techniques to inspect the traffic flow between your browser and server.
3. Verify that your Nginx configuration is correct and properly set up to listen on the intended HTTPS port.

By understanding how HTTP protocol issues and vulnerabilities can arise, you'll be better equipped to protect yourself from potential security threats. Remember to always use the 's' when specifying a secure connection – your server's safety is worth it!

Source: https://conferences.law.stanford.edu/ipsummerschool2022/2018/09/12/hello-world