9

Situation:

  • WinServer 2008 R2 with IIS 7.0
  • Default Web Site with the following bindings: HTTP on port 80 for www.<domain>.com and HTTP on port for <domain>.com, as well as HTTPS on port 443
  • No redirects (only a wordpress URL rewirte to get rid of 'index.php')
  • No sites require SSL as of yet (will later be changed for single pages / applications)

Problem: Every time I enter <domain>.com as the URL in any browser, I get redirected to https://www.<domain>.com [<-- note the 'S'] (bad). When I enter www.<domain>.com, it stays as it is (good).

I double checked the settings a hundred times and cannot find any reason for that behavior. Any ideas?

Philip Allgaier
  • 268
  • 1
  • 5
  • 18

2 Answers2

5

IIS won't do that kind of redirect with a simple configuration, it's much more likely whatever is the first page answering the connection sending the redirect - Wordpress or a plugin, perhaps?

Install FireFox with the TamperData plugin on your client, and watch the web request to http://domain.com and see what is sent to the server, and see how the redirect comes back and at what stage - is anything served first, what headers does it come with. Maybe that will shed some light on it?

TessellatingHeckler
  • 5,726
  • 3
  • 26
  • 44
  • 3
    You are right ! I'm programming in ASP.Core and in my Startup.cs I had app.UseHttpsRedirection() that was making the redirection – ihebiheb Nov 09 '21 at 04:47
2

I took the advice and installed TamperData and also recorded the traffic with Wireshark.

Result:

Not the IIS, but the client/browser was the culprit! The client always sent a request to https://www.<domain>.com via port 443 as both tools showed. So I cleared all caches in the browsers and removed all pre-existing security exceptions (that I once apparently created when testing SSL pages via IIS since my domain certs were self-created/-signed). Now with all those disturbances gone, the client once again works well-behaved and only sends out the requests I actually type it, since no exceptions are present anymore that could let it to believe that I might prefer an HTTPS attempt.

Thanks for pointing me in the right direction!

Philip Allgaier
  • 268
  • 1
  • 5
  • 18
  • 1
    Same problem. Clearing cache has no effect. Removing https binding on IIS has no effect. Tried every browser, but each still insist on redirecting to https. Must be an IIS update that is forcing this. I even created a stand-alone html page - no joy. – MC9000 Jan 15 '20 at 13:42
  • It was the ISP! Charter blocks port 80, even on business accounts! Apparently, they just started doing this. Call your ISP and complain loudly (for $300-$500 /mo for a business account, you should need your ISP to "babysit" your company!) – MC9000 Jan 15 '20 at 14:08