R4.4 breaks wan management and ACS management


@kelmore wrote:

Is it not safe to leave http enabled, but have it redirect all traffic to https immediately? That seems to be the least impactful solution for this issue.


I agree that this is something that should be implemented. The shortcuts in cnMaestro always end up as http, so they are all broken for routers with upgraded firmware (you just have to manually enter the https, but it would be better if they worked directly).

I think there is a hypothetical risk with having the http redirect to https, but at the point at which someone is probing in that portion of a network, it won't matter.

re: After upgrading to 4.4 release, User/Admin can push/upload the below configuration to enable the HTTP and HTTPS service for remote GUI access. “way_access_web=http&https”

This won't work as remote management is broken to the CPE by the firmware update. If you're changing HTTP to HTTPS only, then why doesn't https://ip work then in my config?

In my configs I have (after r4.4 upgrade)

way_access_web=https

DBID_WEB_PORT=8080

DBID_WEB_SSL_PORT=443

DBID_LAN_LOGIN_ONLY=0

So, why isn't https working?

There is more of an issue here. Sure I could enable both and manage it via http on port 8080 but why isn't https working after the upgrade? It is enabled and the port is selected correctly, just no working management. 

Tim

Hi Tim,

In your config, though it is single WAN, DMZ is enabled. So the device is forwarding https traffic to the LAN side PC. If you disable DMZ, https will work.

That's the reason we requested to add the one line “way_access_web=http&https” to the config file.

Thanks,

Divakar

That behavior doesn’t make a lot of sense, why would the device not respond and listen on 443 with DMZ enabled? Since when would having a DMZ have anything to do with this?

A DMZ should be forwarding traffic that doesn’t have a NAT entry to the DMZ specified IP. Enabling a DMZ shouldn’t somehow prevent a router's interface from listening on 443.

Tim

Hi Tim,

Yes, that is an issue we noted. We will address it in the upcoming release.

Thanks,

Divakar

Hi

Our recommendation: please use the port forwarding feature (with port range option) instead of DMZ, so you will not face this problem.

Regards

Niraj

I can confirm that disabling DMZ does allow remote management on HTTPS again, but I'd like to reinforce that this is NOT a fix. This is a bug that can be worked around by doing this. DMZ should not disable the daemon from listening on the WAN interface:443 when web management is set to https only.

Tim