When I access to EC2 with http://XXX.XXX.XXX.XXX, the access was redirected to https://XXX.XXX.XXX.XXX.
Also, EC2 instance does not have certificate for HTTPS.
How do I stop the redirection.
By the way, I am using AMIMOTO of Wordpress.
I am looking forward to your reply.
There are 2 things to consider:
HTTPS redirect is done via server redirect, usually with HTTP status code 301. Depending on your server (nginx, apache etc) there are different ways to achieve that, but assuming it's apache, take a look at this to know what to look for
Once you are hit with redirect, modern browsers cache that 301 response for a long time. So even after you disable it you can still experience redirect. Here's example how to clear that in Chrome. This will obviously affect only your browser and if any customers hit the page, they will still be redirected for quite some time.
But best approach would undeniably be to set up and enable SSL.
Related
If I open my FF developer tools, and look at the network tab, then enter http://mywebsite.com, there would be a 301 moved permanently to the https website as the first network request. If you do that to http://facebook.com, then the first request would be 200 with a request URL of https://facebook.com.
However, if you run a curl -I on both websites, the same result of 301 moved permanently would show. How do they do that?
I am using nginx that redirects to HTTPS behind Amazon ELB.
I think this is an effect of HSTS: HTTP Strict Transport Security
On the facebook responses headers you have this:
Strict-Transport-Security: max-age=15552000; preload
This tells your browser to memorize this HTTP to HTTPS redirection for this domain for a big amount of time, without trying a real HTTP connection to get the 301.
And if you think that having something in your browser which is stored in memory and affects the way the first requests are made on some already visited domains, even after a browser close, could have some privacy impact, well... you would be right.
I want to disable https and want to access a site by http (for experimental purposes).I am using firefox on ubuntu 12.4. I tried by disabling SSL in browser.But then i am not able to access sites with https.
How can i do this?
Some sites, require using https (SSL) for accessing them. The site you try to access would probably redirect you to https (SSL), even if you decide to use http. In that case, you cannot disable the SSL use from your browser, because it is a demand from your target site.
Hope I helped...
As far as I can work out, http://www.example.com is technically a subdomain of http://example.com.
Is it better to have www.example.com as a separate subdomain (pointing at the same content), or is it better to do a perminent redirect of all traffic from http://example.com to www.example.com (or visa versa)?
Excuse my ignorance, but the reason I ask is that I'm worried that having two locations online (one with the www, one without), could cause problems with SEO, cookies, analytics etc.
Thanks!
G
Yes, if it is the same content, then give it a single URI; and redirect example.com -> www.example.com not the other way around (www. is the convention and is where systems will most likely look first). If you host on both urls, then Spiders and other bots may be smart enough to realize that it is the same, but why rely on it when a simple redirect ensures they know?
This also means a slightly simple web server setup (only hosting a single domain) and will be easier down the road if you do things like enable ssl or load balancing.
The only (arguable) downside to redirects is that it will mean an additional http request if the user gets it wrong.
I noticed that Chrome doesn't seem to make an HTTP request to docs.google.com under some circumstances.
What I did, while capturing traffic using Wireshark:
Visit Google Docs, log in
Close Tab
Clear cache (Cache and hosted apps)
Visit http://docs.google.com/
I cannot find a single HTTP request to docs.google.com, all I see is SSL traffic.
I know that there are technologies like SPDY, Cache manifests and DNS CNAMEs that could interfere, but none comes to my mind that could really make the request disappear, especially after clearing the cache.
All requests to http://docs.google.com immediately redirect to https://docs.google.com/. This is hardcoded in Chrome and called HSTS.
I have an IIS6 ASP.NET 2/3.5 site that ALWAYS seems to be caching anything that goes through a https request. HTTP requests always work the same, but i see old/invalid data on https requests.
I see this a lot with pages where i'm doing http rewriting--but in general, it almost seems like the site has one set of values it shows to http requests and another to https requests-- without having any backend code that renders differently based upon the scheme.
Any ideas? Does IIS have a weird ssl caching option i'm not aware of?
The ports were set up wrong in IIS-- although the domain was correct because i was using port 443 it got forwarded to another site (because of host headers setup).