Connection attempts over HTTP are silently redirected to HTTPS, except for connection attempts to the Horizon console. HTTP redirection is not needed with more recent Horizon clients because they default to HTTPS, but it is useful when your users connect with a Web browser, for example, to download Horizon Client.

The problem with HTTP redirection is that it is a non-secure protocol. If a user does not form the habit of entering https:// in the address bar, an attacker can compromise the Web browser, install malware, or steal credentials, even when the expected page is correctly displayed.

Note: HTTP redirection for external connections can take place only if you configure your external firewall to allow inbound traffic to TCP port 80.

Connection attempts over HTTP to the console are not redirected. Instead, an error message is returned indicating that you must use HTTPS.

To prevent redirection for all HTTP connection attempts, see "Prevent HTTP Redirection for Client Connections to Connection Server" in the Horizon Installation and Upgrade document.

Connections to port 80 of a Connection Server instance can also take place if you off-load TLS client connections to an intermediate device. See "Off-load TLS Connections to Intermediate Servers" in the Horizon Administration document.

To allow HTTP redirection when the TLS port number was changed, see "Change the Port Number for HTTP Redirection to Connection Server" in the Horizon Installation and Upgrade document.