Mark Williams

Switching TLS on/off on Server


I am configuring my server (TWebModule) to dispense with TLS where the request is from a machine on a local network.

 

To do this I am checking the following properties of TWebRequest:

   ServerPort - to see if the request has come in on 443

  If not 443 then

    RemoteAddr - to see if the ip address of the requestee falls within the private ranges:

     10.0.0.0        -   10.255.255.255  
     172.16.0.0      -   172.31.255.255  
     192.168.0.0     -   192.168.255.255

If it doesn't, reject the request and ask it to be made over http.

 

Is this a sound approach? Are there any dangers I should be aware of?

 

If this is a sound approach I assume I should add a config file to specify the permitted ip ranges so that it could include private networks that fall out

 

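One way to write the range check described in the post above, as an added example that is not code from the thread: a Delphi console program that compares the peer address numerically against a configurable list of CIDR ranges and refuses anything it cannot parse. `TryParseIPv4`, `MayUsePlainHttp` and `Lan` are hypothetical names and the sample addresses are constructed; in a TWebModule handler the input would be `Request.RemoteAddr`.

```delphi
program PlainHttpAllowList;
{$APPTYPE CONSOLE}
uses System.SysUtils;
// Strict dotted-quad parser: four all-digit octets, each 0..255.
function TryParseIPv4(const S: string; out Addr: Cardinal): Boolean;
var
  Parts: TArray<string>;
  P: string; C: Char; Octet: Integer;
begin
  Addr := 0;
  Parts := S.Split(['.']);
  if S.EndsWith('.') or (Length(Parts) <> 4) then Exit(False);
  for P in Parts do
  begin
    if (P = '') or (Length(P) > 3) then Exit(False);
    Octet := 0;
    for C in P do
      if CharInSet(C, ['0'..'9']) then Octet := Octet * 10 + Ord(C) - Ord('0')
      else Exit(False);
    if Octet > 255 then Exit(False);
    Addr := (Addr shl 8) or Cardinal(Octet);
  end;
  Result := True;
end;

// Fails closed: IPv6, malformed input or a bad range entry never matches.
function MayUsePlainHttp(const Addr: string; const Ranges: array of string): Boolean;
var
  R: string; Slash, Bits: Integer;
  Ip, Net, Mask: Cardinal;
begin
  Result := False;
  if not TryParseIPv4(Addr, Ip) then Exit;
  for R in Ranges do
  begin
    Slash := R.IndexOf('/');
    Bits := StrToIntDef(R.Substring(Slash + 1), -1);
    if (Slash < 1) or (Bits < 1) or (Bits > 32) or
       not TryParseIPv4(R.Substring(0, Slash), Net) then Continue;
    Mask := High(Cardinal);
    Mask := Mask shl (32 - Bits);  // prefix length -> netmask
    if (Ip and Mask) = (Net and Mask) then Exit(True);
  end;
end;
// Constructed data: the post's three ranges in CIDR form, and sample peers.
const Lan: array[0..2] of string = ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16');
begin
  Writeln(MayUsePlainHttp('172.20.1.9', Lan));   // peer inside 172.16.0.0/12
  Writeln(MayUsePlainHttp('172.200.1.9', Lan), ' ', MayUsePlainHttp('::1', Lan)); // lookalike prefix, IPv6
end.
```

Behind a reverse proxy or load balancer, `RemoteAddr` is the proxy's address, which is itself usually private, so every request would pass this check.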

If you mean you only want to accept LAN connections on port 80 or something, you can do as you suggest, but this is irrelevant to SSL/TLS. It is quite normal nowadays to respond with a redirection to the correct HTTPS URL.

 

Angus

 

 


Researching a little more thoroughly, I've come to the conclusion that this is probably not a good idea for security reasons.
