搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

False https-requests?

  • 2 个回答
  • 0 人有此问题
  • 34 次查看
  • 最后回复者为 alexander76

more options

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://hostname.local.domain:55414.

I can no longer browse to this address, Firefox responds with

Secure connection failed and the error code SSL_ERROR_RX_RECORD_TOO_LONG

Looking at the GET request, the scheme is set to https and there is only one request, no redirect.

I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain.

I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://myhostname is fine, but accessing http://myhostname.local.domain again causes FF to switch to an https-request.

What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile...

Using Bitdefender for AV/FW, disabling it makes no change.

Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http.

Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!?

Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious?

Best regards Alexander

EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://''hostname.local.domain'':55414. I can no longer browse to this address, Firefox responds with ''Secure connection failed'' and the error code ''SSL_ERROR_RX_RECORD_TOO_LONG'' Looking at the GET request, the scheme is set to https and there is only one request, no redirect. I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain. I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://''myhostname'' is fine, but accessing http://''myhostname.local.domain'' again causes FF to switch to an https-request. What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile... Using Bitdefender for AV/FW, disabling it makes no change. Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http. Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!? Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious? Best regards Alexander ''EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.''

由alexander76于修改

被采纳的解决方案

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

定位到答案原位置 👍 1

所有回复 (2)

more options

选择的解决方案

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

more options

You are right. The TLD we are using is a fairly common one to use internally, and previously used as a recommended default by a certain big software company. It's now listed on the HSTS preload, along with ALL SUBDOMAINS. Bastards :)

I've googled around and the "best" I could find for Firefox is the setting network.stricttransportsecurity.preloadlist to false. It would be handy to be able to add local exceptions for the preload list instead of disabling it entirely.

Time to change our domain, *sigh*.

Anyway, thanks! Alexander