AnsweredAssumed Answered

Attempts to force HTTP over HTTPS

Question asked by Gerald Combs on Dec 19, 2013
Latest reply on Dec 20, 2013 by Ivan Ristić

I recently spun up an HTTPS-only server and noticed a steady stream of "400" errors resulting from attempts to connect via plain, unencrypted HTTP. It appears that a proxy somewhere is trying to force unencrypted traffic by rewriting URLs of the form




Is it common for web servers to be misconfigured such that they allow plain HTTP requests when they shouldn't? Does the SSL Server Test check for this?