Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://hostname.local.domai… (xle nububuwo)
Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://hostname.local.domain:55414.
I can no longer browse to this address, Firefox responds with
Secure connection failed and the error code SSL_ERROR_RX_RECORD_TOO_LONG
Looking at the GET request, the scheme is set to https and there is only one request, no redirect.
I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain.
I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://myhostname is fine, but accessing http://myhostname.local.domain again causes FF to switch to an https-request.
What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile...
Using Bitdefender for AV/FW, disabling it makes no change.
Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http.
Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!?
Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious?
EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.