WAF provides HTTPS functions that let you use HTTP back-to-source and HTTPS force redirect without modifying the origin server.
Follow these steps to enable HTTPS advanced settings.
1. Log on to the Alibaba Cloud Security WAF console and access the Website Configuration page.
2. Click Edit under the Operation list of the target domain name.
3. Select HTTPS under Protocol type, and then click Advanced settings.
Enable HTTP back-to-source (by default, the back-to-source port is port 80)
If your site does not support HTTPS back-to-source, enable HTTP back-to-source so that WAF handles HTTPS access from clients and forwards requests to the origin over HTTP. With this configuration, clients can access the site over both HTTP and HTTPS.
Note: HTTP back-to-source requires no modification to the origin server and no HTTPS configuration on it. However, you must make sure that you upload the correct certificates and keys in WAF. You can apply for the certificates free of charge at Alibaba Cloud Certificate Service.
Enable HTTPS force redirect
If you want to force clients to use HTTPS to access your site, enable HTTPS force redirect.
After HTTPS force redirect is enabled for WAF, you can enable or disable HTTP back-to-source as needed. If HTTP back-to-source is enabled, WAF redirects HTTP requests from clients to HTTPS and sets the HSTS attribute of clients daily. Clients that support HSTS then access the site directly over HTTPS, and clients that do not support HSTS reach the site through the redirect, so their access remains unaffected.
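One way to confirm the redirect and HSTS behaviour described above once HTTPS force redirect is on, as an added example that is not part of the Alibaba Cloud documentation: it evaluates response heads captured from the protected domain (for instance with a command-line HTTP client). The host www.example.com, the sample heads, the max-age value and the set of status codes accepted as a redirect are constructed assumptions. HSTS is checked on the HTTPS response because RFC 6797 clients ignore the header over plain HTTP.

```python
# Added example: offline check of captured response heads (all sample data is constructed).
from email.parser import Parser
from urllib.parse import urlsplit


def parse_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    status_line, _, header_block = raw.strip().partition("\n")
    headers = Parser().parsestr(header_block.replace("\r\n", "\n"), headersonly=True)
    return int(status_line.split()[1]), headers


def hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, or None if absent/invalid."""
    for directive in (value or "").split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return None


def check_force_redirect(host, http_raw, https_raw):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    status, headers = parse_head(http_raw)
    target = urlsplit(headers.get("Location", ""))
    if status not in (301, 302, 307, 308):
        findings.append(f"HTTP request answered with {status}, not a redirect")
    elif target.scheme != "https" or target.hostname != host:
        # A redirect to http:// or to another host leaves the client without TLS to the site.
        findings.append(f"redirect target is not https://{host}/: {headers.get('Location')}")
    _, headers = parse_head(https_raw)
    if not hsts_max_age(headers.get("Strict-Transport-Security")):
        # max-age=0 tells the client to forget HSTS, so it is treated as missing.
        findings.append("HTTPS response has no usable Strict-Transport-Security max-age")
    return findings


# Constructed sample heads for the placeholder host www.example.com.
HTTP_HEAD = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/login\r\n\r\n"
HTTPS_HEAD = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=86400\r\n\r\n"
HTTP_NO_REDIRECT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(check_force_redirect("www.example.com", HTTP_HEAD, HTTPS_HEAD))
    print(check_force_redirect("www.example.com", HTTP_NO_REDIRECT, HTTP_NO_REDIRECT))
```

Run it against heads captured from your own domain both before and after changing the advanced settings, and treat any finding as a sign that the redirect or the HSTS header is not reaching clients.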