This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

https-only mode http request

dougepling
New member
‎12-27-2022 02:01 PM
Status: New idea

Very often I find Firefox displaying a warning message that a certain site is not secure.  I am going to make a wild guess that the Firefox request does not allow for adequate process for request forwarding.  When I was configuring Apache, I included a redirect for all http traffic to connect to https service.  I really don't know this to be the case, but something is generating false negatives for connection requests to https enabled sites.

0 Kudos
Comment
2 Comments
chrisbrousseau
New member
‎02-06-2023 09:17 AM
‎02-06-2023 09:17 AM

Agreed - there are many false negatives, as an example: http://www.recology.com/   which forwards to https://www.recology.com/ and works correctly, despite the Firefox warning message in between these two screens

shirib
New member
‎10-30-2023 05:46 AM
‎10-30-2023 05:46 AM

This has been annoying me a lot lately, my suggestion on how this can be addressed in three parts:

1) In https only mode, when protocol isn't specified it should default to https instead of the current behavior of http. Maybe add a prompt on a failed connection to "Try again with http?" with appropriate security warnings.

2) When connecting to http it should check for 301/302 and if the redirect is just a protocol change, silently accept it instead of prompting (you're obviously going to that site, and it's clearly not a hijack by way of http if all they're doing is sending you to the https version of the exact same site and page)

3) When receiving a redirect to a *different* URL, instead of saying a generic "this site is insecure" it should prompt something like "this site is redirecting to <address> but it's identity can't be verified"

Copyright © 2024 Khoros, LLC