Many administrators who manage web servers on their network tend to block traffic for port 80 (HTTP) and only allow 443 (HTTPS) with the hope that it will secure their network. This is a myth, and this article demonstrates why port 80 is no different than port 443 if your goal is to make your network secure.
It is essential to understand what HTTPS offers in addition to HTTP. It offers two benefits:
Notice that the benefits mentioned above only secure the data in transit between a browser and the web server. They do not change the security level of your server.
Yes. However, it is no different than attacking an HTTPS server. Anything someone can do to an HTTP server can also be done to an HTTPS server. Therefore, to say HTTP is more vulnerable than HTTPS is not correct. That said, you must treat HTTP and HTTPS equally to make your web server secure.
The following is a list of some disadvantages of blocking port 80.
Rather than blocking port 80, consider redirecting its traffic to port 443, which forces the client to switch to HTTPS. The following sequence diagram displays the flow of events.
As an example, let's see how Google configured their website. In this example, we will submit a request to http://www.google.com and watch the communication between the browser and Google's server.
We will use the Developer Tools that come with the Microsoft Edge browser to view the communication.
Here are the steps:
Type http://www.google.com in the address bar. Ensure you type http:// at the beginning.
Opening port 80 on your firewall is no different than opening port 443, provided the web server is configured to redirect the traffic to a secure port. This also ensures users connecting on port 80 do not get connection errors.
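One way to implement the port-80 redirect described above, as an added Python example that is not part of the original article; the hostnames in `ALLOWED_HOSTS` and the helper names are assumptions. The listener serves no content on port 80 and validates the Host header and path before building the `Location` value, so the redirect cannot be steered to another site.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: the only hostnames this server may redirect to (constructed values).
ALLOWED_HOSTS = {"www.example.com", "example.com"}
DEFAULT_HOST = "www.example.com"


def https_location(host_header, path):
    """Return the https:// URL a plain-HTTP request should be redirected to."""
    # Drop any port from the Host header; the HTTPS URL uses the default port 443.
    host = (host_header or "").split(":", 1)[0].strip().lower()
    # Never echo an unknown Host back: fall back to the canonical name.
    if host not in ALLOWED_HOSTS:
        host = DEFAULT_HOST
    # Only origin-form targets are kept. Anything else (for example "@other.test/"
    # or an absolute URL) would change the authority of the resulting URL.
    if not path.startswith("/"):
        path = "/"
    # Path and query string are preserved so deep links survive the redirect.
    return f"https://{host}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    """Serves no content on port 80; every request is answered with a 301 to HTTPS."""

    def _redirect(self):
        self.send_response(301)
        self.send_header("Location", https_location(self.headers.get("Host"), self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    # Same answer for every common method.
    do_GET = do_HEAD = do_POST = _redirect

    def log_message(self, fmt, *args):
        pass  # keep the example quiet


def make_server(port=80, bind="0.0.0.0"):
    """Build the redirect-only listener (binding to port 80 usually needs privileges)."""
    return ThreadingHTTPServer((bind, port), RedirectHandler)


if __name__ == "__main__":
    make_server().serve_forever()
```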