diff --git a/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml b/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml
index 2e030c99..1699684c 100644
--- a/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml
@@ -18,6 +18,7 @@ controller:
     disable-access-log: "false"
     log-format-escape-json: "true"
     # hardening
+    force-ssl-redirect: "true"
     hsts-max-age: "31449600"
     hsts-preload: "true"
     ssl-protocols: "TLSv1.3 TLSv1.2"
diff --git a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
index 4ffd3208..97156548 100644
--- a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
@@ -30,9 +30,6 @@ spec:
         - ports:
             - port: "80"
               protocol: TCP
-          rules:
-            http:
-              - {}
         - ports:
             - port: "443"
               protocol: TCP
@@ -155,9 +152,6 @@ spec:
               protocol: TCP
             - port: "80"
               protocol: TCP
-          rules:
-            http:
-              - {}
     # connect to Rook-Ceph RGW/S3 object store in-cluster
     - toServices:
         - k8sServiceSelector: