wai-enforce-https alternatives and similar packages
Based on the "wai" category.
Alternatively, view wai-enforce-https alternatives based on common mentions on social networks and blogs.
-
-
-
-
wai-middleware-static
WAI middleware that intercepts requests to static files and serves them if they exist. -
-
-
-
-
wai-cli
DISCONTINUED. Command line runner for Wai apps (using Warp) with TLS, CGI, socket activation & graceful shutdown | now on https://codeberg.org/unrelentingtech/wai-cli -
-
-
-
-
-
wai-middleware-static-caching
WAI middleware that intercepts requests to static files and serves them if they exist. -
-
-
-
CodeRabbit: AI Code Reviews for Developers
Do you think we are missing an alternative of wai-enforce-https or a related project?
README
Wai Enforce HTTPS Safely enforce HTTPS in wai application
Wai middleware enforcing HTTPS protocol on any incoming request.
In case of non-encrypted HTTP, traffic is redirected using 301 Permanent Redirect
or optionally 307 Temporary Redirect.
Middleware has compatibility modes for various reverse proxies (load balancers) and therefore can be used with Heroku, Google Cloud (Ingress), Azure or any other type of PAS or Cloud provider.
Comparison with ForceSSL
Wai-Extra
package comes with Network.Wai.Middleware.ForceSSL module exposing middleware intended for the same purpose.
There are several practical weaknesses of this implementation compare to one provided by wai-enforce-https.
| Behavior | EnforceHTTPS (wai-enforce-https) | ForceSSL (wai-extra) |
|---|---|---|
| Redirecting methods by default | GET, HEAD (by default) |
All |
| Redirect status | 301 (default) or 307 (optional) |
307 |
| Safe against header spoofing | ✔ yes | ❌ no |
| Forwarded spec compliant | ✔ yes | ❌ no |
| Configurable port | ✔ yes | ❌ no |
| Configurable host | ✔ yes | ❌ no |
405 with Allow header support |
✔ yes | ❌ no |
Overall, this package aims to be secure by default and configurable as much as possible to fit any specific needs.
Forwarded
In addition to the main functionality (enforcement of HTTPS) this package also comes with module for parsing and encoding Forwarded HTTP header.
Examples
This example is using warp-tls and runs 2 servers:
- HTTP server on port 8080
- HTTPS server on port 8443
if you open http://127.0.0.1:8080 in browser server returns redirect to https://127.0.0.1:8443
{-# LANGUAGE OverloadedStrings #-}
module Main where
import Control.Concurrent (forkIO)
import Network.HTTP.Types (status200)
import Network.Wai (Application, responseLBS)
import Network.Wai.Handler.Warp (defaultSettings, run,
setPort)
import Network.Wai.Handler.WarpTLS (runTLS, tlsSettings)
import Network.Wai.Middleware.EnforceHTTPS (EnforceHTTPSConfig (..))
import qualified Network.Wai.Middleware.EnforceHTTPS as EnforceHTTPS
handler :: Application
handler _ respond =
respond $ responseLBS status200 [] "Hello over HTTPS"
httpsConf :: EnforceHTTPSConfig
httpsConf = EnforceHTTPS.defaultConfig { httpsPort = 8443 }
app :: Application
app = EnforceHTTPS.withConfig httpsConf handler
main :: IO ()
main = do
let tls = tlsSettings "examples/cert.pem" "examples/key.pem"
_ <- forkIO $ run 8080 app
runTLS tls (setPort (httpsPort httpsConf) defaultSettings) app
Another common example is running server behind reverse proxy.
Say for instance we want to host our app on Heroku
while using its https support and make sure we
redirect all HTTP traffic to HTTPS.
Heroku is forwarding traffic with additional header containing
information about protocol named x-forwarded-proto.
{-# LANGUAGE OverloadedStrings #-}
module Main where
import Network.HTTP.Types (status200)
import Network.Wai (Application, responseLBS)
import Network.Wai.Handler.Warp (runEnv)
import qualified Network.Wai.Middleware.EnforceHTTPS as EnforceHTTPS
handler :: Application
handler _ respond = respond $
responseLBS status200 [] "Hello from behind proxy"
app :: Application
app = EnforceHTTPS.withResolver EnforceHTTPS.xForwardedProto handler
main :: IO ()
main = runEnv 8080 app
Bulding Examples
In order to run examples project must be build with examples flag:
$ cabal build -f examples