Clay Le Beouf

Reputation: 15

http redirects to https

What would cause a site to try to go to an https URL?

We have Sitecore set up to redirect non-www URLs to www-prepended URLs. Example: joesrx.com resolves to www.joesrx.com through the Sitecore URLResolver.

What we are seeing is that if you type joesrx.com, it tries to go to https://joesrx.com before it hits the Sitecore server. Since there are no certificates on this server and https is not utilized we get a 404.

Is there something in IIS that is misconfigured? The proxy team says it is not in their settings and the network team says all of the DNS entries are correct.

Upvotes: 0

Views: 622

Answers (3)

Steve McGill

Reputation: 501

In case the other answers don't help, check for HSTS headers such as "Strict-Transport-Security: max-age=31536000".

This HTTP header tells browsers to use only SSL for future requests (among other things).

For more info check out: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Upvotes: 0

Jay S

Reputation: 7994

There are a few things I would check first:

  1. Do you have rewrite rules in your web.config? They may be pattern-matching on www. and redirecting in order to enforce SSL.
  2. Do you have code in your pipelines that is attempting to enforce SSL for specific paths? The code here may not be checking the URL correctly.
  3. In IIS, did you bind the 'www' host name to your IIS site? Or is it falling through to another site that has SSL enforced?

Upvotes: 0

Cristian Vat

Reputation: 1612

As a general rule for debugging these sorts of problems, try to imagine all the elements between you and the application and then use a simple divide and conquer approach. You can also test behavior on individual levels of the path between you and the actual application.

In this case for example (from you to application code):

  • User
  • Browser
    • browser may do caching of redirects. Try a different browser / try incognito mode / clear cache
  • Browser Extensions/Settings
    • any extensions which make it so the browser always tries to access website(s) via https? Try with extension disabled / another browser
  • Proxies/Firewalls
    • any Proxies/Firewalls on your end which may modify requests? Can you try to access the site bypassing any proxies/firewalls, maybe from a different network connection?
  • Network
  • Web Server
  • Web Server Configuration / Pipelines / Resolvers / Filters / Etc.
    • .htaccess / IIS config / nginx config / servlet filters / (lots of options depending on your framework). Check the server
  • Actual application code
    • well.. check the code.

Example of divide and conquer, choosing the Network mid-point: Try accessing the URL with wget/curl from the command line; curl -i will also show you the headers received from the server. If you find a "Location: .." header, it's clear that the server is sending a redirect. So now you only have to check Web Server / framework configuration and actual application code.

Upvotes: 1
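The mid-point check from the answers above (look for a "Location" header, look for "Strict-Transport-Security"), as an added example that is not part of any original post. It classifies a response saved from `curl -i`; the function names, the result labels and the example.com sample responses are constructed for illustration.

```python
# Added example: decide which side of the network mid-point produces the https URL.
# Input is the raw text that `curl -i <url>` prints. Samples below are constructed.
from urllib.parse import urlsplit

def parse_response(raw):
    """Split raw `curl -i` output into (status_code, {lower-cased header: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.strip().split("\n")
    status = int(lines[0].split()[1])          # e.g. "HTTP/1.1 301 Moved Permanently"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose(request_url, raw):
    """Return a list of labels describing what the server itself sent back."""
    status, headers = parse_response(raw)
    scheme = urlsplit(request_url).scheme
    location = headers.get("location", "")
    findings = []
    if status in (301, 302, 303, 307, 308) and location:
        # The server (IIS rewrite rule, pipeline code, another bound site) redirects.
        if scheme == "http" and urlsplit(location).scheme == "https":
            findings.append("server-redirect-to-https")
        else:
            findings.append("server-redirect")
    if "strict-transport-security" in headers:
        # Browsers honor HSTS only when the header arrives over HTTPS (RFC 6797).
        findings.append("hsts-policy" if scheme == "https" else "hsts-over-http-ignored")
    # Nothing from the server: look at browser cache, extensions, proxies.
    return findings or ["no-server-redirect-check-client-side"]

# Constructed sample responses (hypothetical host example.com).
REDIRECT = ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: https://example.com/\r\nContent-Length: 0\r\n\r\n")
PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
HSTS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n"

if __name__ == "__main__":
    print(diagnose("http://example.com/", REDIRECT))
    print(diagnose("http://example.com/", PLAIN))
    print(diagnose("https://www.example.com/", HSTS))
```

If the http request comes back with no redirect, yet the browser still ends up on https, the upgrade is happening on the client side of the mid-point (cached redirect, stored HSTS policy, extension or proxy).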
