I've added this code to run on a remote machine to redirect all HTTP requests to HTTPS:

```xml
<rewrite>
  <rules>
    <rule name="Redirect to https">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="Off" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
  </rules>
</rewrite>
```

I ran this API with this code on my local machine and got "This site can’t provide a secure connection", which is OK. But when I commented out this code and ran the API again, it still redirects to HTTPS. How can I go back to HTTP?

  • Sounds like [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) may be involved. – mason Aug 22 '17 at 17:33
  • @mason yes, exactly. I didn't find a good solution, but [this answer](https://stackoverflow.com/a/39654801/2089322) is good enough for me. Thanks for the help. – user2089322 Aug 22 '17 at 20:17
  • @mason if you make an answer, I will mark it as accepted – user2089322 Aug 22 '17 at 20:37

1 Answer

It's possible that HTTP Strict Transport Security (HTTP STS) was enabled on your site at some point. Once that's enabled and a client successfully makes an HTTP connection to your site, it will always attempt to connect via HTTPS, even if you type HTTP into the URL and have nothing on the server to redirect it.

The solution is to look up the instructions for your browser for how to clear the HTTP STS setting for a site. This usually involves some sort of cache removal and reset for that site.

To my knowledge, there isn't a way of automatically removing HTTP STS from browsers that you don't control (such as your customers). So one should think twice before enabling HTTP STS.

mason
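
An added example, not part of the original answer or of any project's code: a small Python check that tells apart the two things that can keep a client on HTTPS after the rewrite rule is removed, a cached permanent redirect and an HSTS policy, from one response's scheme, status and headers. The finding names and sample responses are constructed, and that the rule answered with a 301 is an assumption.

```python
# Added example: classify why a browser keeps landing on HTTPS.
# Finding names and sample responses are constructed for illustration.

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if max-age is missing."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy if policy["max_age"] is not None else None

def diagnose(scheme, status, headers):
    """Return findings for one response: cached-redirect risk and HSTS state."""
    headers = {k.lower(): v for k, v in headers.items()}
    findings = []
    to_https = headers.get("location", "").lower().startswith("https://")
    if scheme == "http" and to_https and 300 <= status < 400:
        # 301/308 may be cached by the browser and replayed after the rule is gone.
        findings.append("permanent-redirect-cacheable" if status in (301, 308)
                        else "temporary-redirect")
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        policy = parse_hsts(hsts)
        if scheme != "https":
            findings.append("hsts-ignored-over-http")  # RFC 6797 section 8.1
        elif policy is None:
            findings.append("hsts-invalid")
        elif policy["max_age"] == 0:
            findings.append("hsts-cleared")  # max-age=0 tells the client to drop the policy
        else:
            findings.append("hsts-active")
    return findings

# Constructed sample responses: (scheme, status, headers).
SAMPLES = [
    ("http", 301, {"Location": "https://localhost/api/values"}),
    ("https", 200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https", 200, {"Strict-Transport-Security": "max-age=0"}),
    ("http", 200, {"Strict-Transport-Security": "max-age=31536000"}),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], diagnose(*sample))
```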