How to fix: HTTPS enforced (NIS2 transport security)
NIS2 Art. 21(2)(a)
Why this matters
Serving plain HTTP falls below the cybersecurity baseline expected of NIS2 essential and important entities. Force HTTPS at the origin and via redirect.
Background
Plain HTTP traffic can be observed and modified by any on-path network attacker. NIS2 requires transport encryption as a baseline technical measure. Configure an HTTP → HTTPS 301 redirect at the reverse proxy.
References
NIS2 Art. 21(2)(a) · BSI IT-Grundschutz
How to fix
Code snippet for each stack we cover. Pick the one matching your server / framework.
nginx
server { listen 80; server_name your-site; return 301 https://$host$request_uri; }
apache
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
cloudflare
SSL/TLS → Edge Certificates → Always Use HTTPS → ON.
wordpress
Install the Really Simple SSL plugin, or set siteurl and home to https:// in Settings → General.
flask
Use flask-talisman with force_https=True, or redirect in middleware.
express
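// Behind a TLS-terminating reverse proxy, also call app.set('trust proxy', 1) so req.secure reflects X-Forwarded-Proto.
app.use((req, res, next) => req.secure ? next() : res.redirect(301, 'https://' + req.headers.host + req.url))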
rails
config.force_ssl = true
Verify it's working
Run curl -sI http://your-site/ | head -1; the response should be a 301 redirect to https://.
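The first response line shows only the status code, not where the redirect points. The following is an added example, not part of the original page: a shell function that reads `curl -sI` output and passes only when the response is a 301 whose Location is https:// on the expected host. The function name `check_redirect` and the `example.com` sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Usage against a live site:
#   curl -sI http://your-site/ | check_redirect your-site
# The argument is the host you expect in the Location header
# (pass www.your-site if the redirect is meant to land on www).
check_redirect() {
    want_host=$1
    # HTTP header lines end in CRLF; strip the CRs before parsing.
    headers=$(tr -d '\r')
    # Status line looks like "HTTP/1.1 301 Moved Permanently".
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    # Header names are case-insensitive; take the first Location header.
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    if [ "$status" != "301" ]; then
        echo "FAIL: status is '${status}', expected 301"
        return 1
    fi
    case $location in
        "https://$want_host"|"https://$want_host"/*)
            ;;  # https on the expected host
        https://*)
            # A Location built from the request's Host header can point elsewhere.
            echo "FAIL: redirects to another host: $location"
            return 1 ;;
        *)
            echo "FAIL: Location is not https: '${location}'"
            return 1 ;;
    esac
    echo "OK: 301 -> $location"
}

# Constructed sample response (not captured from a real server).
sample='HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n'
printf "$sample" | check_redirect example.com
```

A Location that carries an explicit port (such as :443) is reported as another host, so pass the host with its port as the argument if your redirect includes one.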