False https-requests?

  • 2 replies
  • 0 have this problem
  • 34 views
  • Last reply by alexander76

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://hostname.local.domain:55414.

I can no longer browse to this address, Firefox responds with "Secure connection failed" and the error code SSL_ERROR_RX_RECORD_TOO_LONG

Looking at the GET request, the scheme is set to https and there is only one request, no redirect.

I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain.

I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://myhostname is fine, but accessing http://myhostname.local.domain again causes FF to switch to an https-request.

What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile...

Using Bitdefender for AV/FW, disabling it makes no change.

Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http.

Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!?

Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious?

Best regards Alexander

EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.

Modified by alexander76

All replies (2)

Chosen solution

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

You are right. The TLD we are using is a fairly common one to use internally, and previously used as a recommended default by a certain big software company. It's now listed on the HSTS preload, along with ALL SUBDOMAINS. Bastards :)

I've googled around and the "best" I could find for Firefox is the setting network.stricttransportsecurity.preloadlist to false. It would be handy to be able to add local exceptions for the preload list instead of disabling it entirely.

Time to change our domain, *sigh*.

Anyway, thanks! Alexander
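
The behaviour discussed in this thread, as an added example that is not part of the original posts: a check for whether a host is covered by an HSTS preload entry, plus the RFC 6797 section 8.3 URL rewrite. The entries are constructed and only shaped like those in Chromium's transport_security_state_static.json; `domain` stands in for the unnamed internal TLD, and `preload_match` and `upgrade` are hypothetical helper names.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample entries. "domain" is the placeholder TLD taken from the
# question's hostname.local.domain; it is not a real preload list entry.
PRELOAD_ENTRIES = [
    {"name": "domain", "mode": "force-https", "include_subdomains": True},
    {"name": "login.example.org", "mode": "force-https", "include_subdomains": False},
]

def preload_match(host, entries=PRELOAD_ENTRIES):
    """Return the preload entry name that forces HTTPS for host, or None."""
    host = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host.strip("[]"))
        return None  # HSTS never matches IP-literal hosts (RFC 6797)
    except ValueError:
        pass
    by_name = {e["name"]: e for e in entries if e.get("mode") == "force-https"}
    labels = host.split(".")
    # Walk from the full name up to the TLD. A parent entry only counts
    # when it sets include_subdomains; an exact match always counts.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = by_name.get(candidate)
        if entry and (i == 0 or entry["include_subdomains"]):
            return candidate
    return None

def upgrade(url):
    """Rewrite an http:// URL the way a browser does for a known HSTS host."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not preload_match(parts.hostname or ""):
        return url
    # Explicit port 80 maps to 443 (the https default, left implicit here);
    # any other explicit port is kept, which is why a plain-HTTP service on
    # a custom port receives a TLS handshake it cannot answer.
    port = parts.port
    netloc = parts.hostname if port in (None, 80) else f"{parts.hostname}:{port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

if __name__ == "__main__":
    for u in ("http://hostname.local.domain:55414/", "http://hostname:55414/",
              "http://192.168.0.10:55414/", "http://test.subdomain.com:55414/"):
        print(u, "->", upgrade(u))
```

The bare hostname and the IP address escape the upgrade because the browser matches on the host as typed in the URL, not on what DNS suffix search later resolves it to.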