I'm using Firefox, and while setting up a server, I have been fiddling around with redirects. Now, Firefox has cached a 301 redirect from http://example.com/ to https://example.com/ and from http://sub.example.com/ to https://sub.example.com/.
I've tried the following things:
History -> Show all history -> Forget about this site.
Checked that no bookmark with https://example.com/ is present.
Changing browser.urlbar.autoFill to false in about:config.
Changing browser.cache.check_doc_frequency from 3 to 1.
Options -> Advanced -> Network -> Chached Web Content -> Clear now.
None of the above works, so I checked the redirect with wheregoes.com and it doesn't show any redirect from http to https.
I've even changed the DNS to point to another IP served by a server, where I've never set up redirection - the redirection is still in effect.
I've also tried in Private Browsing in Firefox, and there is no redirect there. I've tried in Google Chrome, and there is also no redirect here.
I've also tried to make a redirect from https to http which worked in Google Chrome, and yielded a redirection error in Firefox.
My version of Firefox is 38.0.1, and I'm using Windows 8.1. I use the following addons: AddBlock, Avast! and LastPass. Avast! may not be the issue, as I've disabled it while testing.
What I can do about it?
"Sites preferences" are the culprit. Wasted 45min of my life finding how to fix it despite all the kb/support.mozilla tricks which does not solve your issue nor did mine. I don't know what triggers this issue, but several of my websites started to go pear-shaped in a few weeks only affecting me and only firefox.
That's the solution you are all looking for:
Go to Preferences
Privacy
Click 'Clear your history' (nothing will happen yet, click safely)
Once the pop-up appears, click Details.
Untick everything except 'Sites Preferences'
Select 'Everything' in the select box at the top
Click Ok
Try now
PS: What I did try that did not worked for me are:
urlbar.autofill false
Forget Website trick
Safe mode
We all know it is not an HSTS issue when a website you own and you accessed before never got https support but now FF wants you to use https... It is just a firefox bug IMO.
The solution that worked for me:
Go to about:config
Look for network.stricttransportsecurity.preloadlist and set it to false
Enjoy
If the above STILL DOES NOT WORK, try setting browser.fixup.fallback-to-https to false from about:config
Using Firefox 100 or above you may also need:
dom.security.https_first to false
dom.security.https_first_pbm to false (this one is for anonymous windows)
I had the same problem but the answer was that I used a .dev extension to access my local websites !
I cleared all historic data in FF and nothing changed.
Searching for another solution, I found this page https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
With .dev being an official gTLD, we're most likely better of changing our preferred local development suffix from .dev to something else. If you're looking for a quick "search and replace" alternative for existing setups, consider the .test gTLD, which is a reserved name by IETF for testing (or development) purposes.
I changed my local website extensions from .dev to .test and all work perfectly !
Alternative solution, easy.
Open Firefox and in the address bar type this URL
http://example.com/?fake_parameter_to_bypass_cache
This should force the browser to reload the web page from http://
None of the answers worked for me, the only the one was the one in the comment of Muhammad so thanks in advance to him, I copy the answer here to make it easier:
Go to about:config
Look for browser.fixup.fallback-to-https and set it to false
Check your extensions!
In my case, DuckDuckGo Privacy Essentials extension was causing this redirect. I disabled it, and the problem is solved.
Now (Firefox 84) it is much simpler to clear the site's data. Just click the padlock icon on the left of the address bar. Then choose "Clear cookies and site data".
I had the same situation as what OP did. It helped me to clear the HTTPS redirect.
Here's what worked for me on Firefox v98.0.2:
Settings -> General
Network Settings -> Settings
Uncheck "Enable DNS over HTTPS
I tried the 'correct' answer, plus the comment about including cache in the deletion, and I was still having issues with my problem site.
I opened the firefox profile directory and searched for the website name in all files.
I found it in 'logins-backup.json' and deleted that file to finally fix the problem.
In my case, I decided to use a *.dev domain for local development. But then I tried to open the site in Firefox, and after a while I realized it uses HTTPS, even when I start the url with "http://..." I tried to right-click on the link in the History, and choose Forget About This Site, or clear the cache. But it didn't help.
Later I found out that the dev domain is in HSTS preload list these days. Which means Firefox and Chrome (and probably others) don't let you access the subdomains w/o HTTPS. More on it here and here.
In my case, it was an addon that did it: disabling DuckDuckGo privacy essentials fixed it.
I had this issue when running Firefox with OWASP ZAP proxy.
I didn't knew it was the proxy causing this.
In hindsight it's easy to test this: run Firefox without OWASP ZAP proxy to see if it works.
To get it working with OWASP ZAP, turn off Heads Up Display (HUD) or enable the HUD only for URL's that are in scope.
My problem was caused by the HTTPS by default extension. There is a bug that opens HTTP bookmarks with HTTPS. To work around, open "HTTPS by default" Preferences pane and enter domain name exclusion.
None of these suggestions worked for me in Firefox v101. What worked for me is changing the value of security.tls.version.min from 3 to 1 in about:config.
[NOTE: After I changed this setting, Firefox initially redirected from http to https. But this time Firefox allowed me to "accept the risk and continue," which wasn't possible when security.tls.version.min was set to 3. --end note]
See also: https://support.mozilla.org/en-US/questions/1116550
Lets get back to the old firefox that was amazing, the 3.6.
Nowadays is full of crap for us developers, and sysadmins.
I have tons of sites in intranet that cannot have a valid ssl, this is a major deal. I cannot download "deb" files because its a threat, i cannot this and cannot that... why? I am a power user i know what to do whit, why should I (we) be treated like the rest of the users?
The cache, i cannot disable the cache to 100% why?
In a blip of a second i will be using links as my browser.
Firefox should have a expert mode, where none of this crap happens.
I am mad with firefox and chrome. That is why i still use firefox 3.6 in a lot of cases, to bypass stupid restrictions.
Now, I had this issue on my workstation's development site. I had an old site that I still wanted to reference, and I couldn't get http to work for anything. There was not https binding, either.
Finally, I realized I had a url-rewrite in my webconfig that redirected all http to https...
hahahaha
Disabling https, is not an absolute in Firefox. Some sites will redirect and may not offer http.
However to choose one url over the other if it is an option you can disable autofil:
Address Bar Search In order to change your Firefox Configuration please do the following steps :
In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
Click I'll be careful, I promise! to continue to the about:config page.
In the filter box, type or paste autofill and pause while the list is filtered
Double-click browser.urlbar.autoFill to toggle it from true to false.
I was working on a website on my local computer (mac OS High Sierra) and had put some redirects in the websites .htaccess file (in order to get images from the remote server instead of downloading them). After this it seemed that I could no longer access the website from my Chrome browser. Chrome would answer to any URL leading to the remote server with ERR_CONNECTION_REFUSED.
I tried other browsers on my computer such as Firefox, Chrome Canary, Chromium and Opera. None of them could provide a connection.
Next I checked with a different internet access via TOR-Browser on the same computer whether I could access the website, and it worked.
Next I checked via Terminal whether I could connect to the remote server with ping, nslookup and traceroute. All connecting to the server as expected.
I googled up possible solutions to this problem but could not find one so far. I had read that resetting the DNS cache could help and tried sudo killall -HUP mDNSResponder but it did not.
I did not edit the /etc/hosts file; a restart of the computer did not help; a reset of the .htaccess to the previous state did not help; resetting the caches in the browsers did not help.
How can I access the remote website from my browsers normally again?
EDIT1: Related question: Failed to load resource: net::ERR_CONNECTION_REFUSED for only selective images from instagram API
EDIT2: After about one day I was able to access the remote website again with no further incidents of ERR_CONNECTION_REFUSED even after putting the redirects into the .htaccess file. So it seems to me of being some sort of caching on my computer which prevents the browsers from accessing the remote website. However I have no clue what caused the error message in the first place and what kind of cache it might be.
Shortly after EDIT2 when I was able to access the remote website again, the ERR_CONNECTION_REFUSED appeared again - this time I tested another device with the same internet connection and I had encountered the connection error too. Now I believe it has something to do with the router and/or it's firewall - not the ISP since I could connect to the remote website with shell commands (named above). The image requests to the remote website seem to cause the router to block further access from browsers, probably as a security measure similar to the situation in this article https://www.cnet.com/forums/discussions/can-t-access-a-specific-website-going-thru-my-router-274637/
I currently test NTLM authentication with Apache 2.4 on a windows machine, locally. All work fine. If i open a demo site http://localhost/authfoo/text.php, the site will load without an authentication dialog in every browser. The test.php script get all required authentication data automatically from the current windows user.
So far so good. Tested with Internet Explorer 11, Chrome, Firefox and it works. Only Microsoft Edge open up an authentication dialog and i must enter credentials. All what i see in this dialog window is that the title show my computername instead of localhost. This indicated that Edge use the computername as internal domain, and that is for sure no intranet domain, like localhost is.
There is something for edge that is a so called LoopbackExempt. With that you can allow localhost to be threaded as an intranet site. This setting also not helped me. https://developer.microsoft.com/en-us/microsoft-edge/platform/faq/#how-can-i-debug-localhost
However, when i manually add http://15031489-nb.cstp.intern/ to intranet sites via settings in Edge, than it work when i use http://15031489-nb.cstp.intern/authfoo/text.php without an authentication dialog. But http://localhost/authfoo/text.php still show that authentication dialog.
Btw, http://localhost is also added to intranet sites, just to make sure everything will be treated as an actual Intranet Site.
So, i have no idea of how i can get this thing to work in Edge also, like every other browser already does, even IE 11 work without flaws.
I've been searching this problem for a while and found this answer from the microsoft developer community:
Microsoft Edge doesn't allow integrated Windows Auth over loopback as
a security mitigation to prevent breaking the browser sandbox. The
only workaround offered by the team is to use the FQDN while
debugging.
(Source)
So you will have to use the FQDN instead of http://localhost/, which is http://15031489-nb.cstp.intern/ in your case. I don't believe that Microsoft will ever fix this issue in Edge, as it is intended behaviour.
A client's website was working fine, until they had some problems with their web host. Temporarily, the Apache CentOS Test Page was visible. The host claim the problem is fixed - and it seems to be - for everyone but me...
I'm using Safari 7 on OS X Mavericks and every single time when I visit their site I still see the test page.
When anyone else uses their own computer with any browser, it works fine...
When I use Chrome on my Mac it works fine... So the problem is just with Safari.
I've tried clearing Safari's cache
I've tried clearing the DNS cache
I've tried a restart
But I've got no idea why I can't access it. I need to access the site to work on it - yes I can use Chrome, but Safari is my primary browser. Any ideas?
It turned out this was caused by an issue in a Regex within Apache's Mod_Security. The Regex falsely identified a string contained within a cookie as being an SQL injection (it wasn't - purely coincidental).
I'm running WAMP on Vista and have Apache virtual hosts and my hosts file all set up to allow me to test sites locally using an address like this:
http://testsitex.localhost:8080
Only problem is, it only works in Firefox. IE and Safari (currently the only other browsers I've tried, and the two I'm most concerned about) display an an error.
I'm not currently in front of my machine but the error is something along the lines of:
502 Bad Gateway
Problem with DNS Host Lookup
Can anybody tell me what's going on?
I would try changing it from testsitex.localhost to testsite.loc and see if you have the same problem. Alternatively, try pinging it from the command prompt, and see if you're seeing the same problem.
Another thing might be that Firefox ignores the windows proxy, whereas IE and Safari likely use the default windows proxy (settings -> control panel -> internet -> connections -> lan settings). If your proxy doesn't have the hosts file, this would explain it.
Have you put testsitex.localhost into your HOSTS files?