Mark Williams 13 Posted July 23, 2020 I am configuring my server (TWebModule) to dispense with TLS where the request is from a machine on a local network. To do this I am checking the following properties of TWebRequest: ServerPort - to see if the request has come in on 443 If not 443 then RemoteAddr - to see if the ip address of the requestee falls within the private ranges: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 If it doesn't reject the request and ask it to be made over http. Is this a sound approach? Are there any dangers I should be aware of? If this is a sound approach I assume I should add a config files to specify the permitted ip ranges so that it could include private networks that fall out Share this post Link to post
Angus Robertson 519 Posted July 23, 2020 If you mean you only want to accept LAN connections on port 80 or something, you can can do as you suggest, but this is irrelevant to SSL/TLS. It is quite normal nowadays to respond with a redirection to the correct HTTPS URL. Angus 1 Share this post Link to post
Mark Williams 13 Posted July 23, 2020 Researching a little more thoroughly, I've come to the conclusion that this is probably not a good idea for security reasons. Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
