搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

False https-requests?

  • 2 回覆
  • 0 有這個問題
  • 39 次檢視
  • 最近回覆由 alexander76

more options

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://hostname.local.domain:55414.

I can no longer browse to this address, Firefox responds with

Secure connection failed and the error code SSL_ERROR_RX_RECORD_TOO_LONG

Looking at the GET request, the scheme is set to https and there is only one request, no redirect.

I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain.

I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://myhostname is fine, but accessing http://myhostname.local.domain again causes FF to switch to an https-request.

What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile...

Using Bitdefender for AV/FW, disabling it makes no change.

Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http.

Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!?

Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious?

Best regards Alexander

EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://''hostname.local.domain'':55414. I can no longer browse to this address, Firefox responds with ''Secure connection failed'' and the error code ''SSL_ERROR_RX_RECORD_TOO_LONG'' Looking at the GET request, the scheme is set to https and there is only one request, no redirect. I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain. I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://''myhostname'' is fine, but accessing http://''myhostname.local.domain'' again causes FF to switch to an https-request. What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile... Using Bitdefender for AV/FW, disabling it makes no change. Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http. Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!? Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious? Best regards Alexander ''EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.''

由 alexander76 於 修改

被選擇的解決方法

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

從原來的回覆中察看解決方案 👍 1

所有回覆 (2)

more options

選擇的解決方法

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

more options

You are right. The TLD we are using is a fairly common one to use internally, and previously used as a recommended default by a certain big software company. It's now listed on the HSTS preload, along with ALL SUBDOMAINS. Bastards :)

I've googled around and the "best" I could find for Firefox is the setting network.stricttransportsecurity.preloadlist to false. It would be handy to be able to add local exceptions for the preload list instead of disabling it entirely.

Time to change our domain, *sigh*.

Anyway, thanks! Alexander