IIS 7.0: unwanted automatic redirect to HTTPS
Situation:
- WinServer 2008 R2 with IIS 7.0
- Default Web Site with the following bindings: HTTP on port 80 for
www.<domain>.comand HTTP on port for<domain>.com, as well as HTTPS on port 443 - No redirects (only a wordpress URL rewirte to get rid of 'index.php')
- No sites require SSL as of yet (will later be changed for single pages / applications)
Problem: Every time I enter <domain>.com as the URL in any browser, I get redirected to https://www.<domain>.com [<-- note the 'S'] (bad). When I enter www.<domain>.com, it stays as it is (good).
I double checked the settings a hundred times and cannot find any reason for that behavior. Any ideas?
IIS won't do that kind of redirect with a simple configuration, it's much more likely whatever is the first page answering the connection sending the redirect - Wordpress or a plugin, perhaps?
Install FireFox with the TamperData plugin on your client, and watch the web request to http://domain.com and see what is sent to the server, and see how the redirect comes back and at what stage - is anything served first, what headers does it come with. Maybe that will shed some light on it?
I took the advice and installed TamperData and also recorded the traffic with Wireshark.
Result:
Not the IIS, but the client/browser was the culprit! The client always sent a request to https://www.<domain>.com via port 443 as both tools showed. So I cleared all caches in the browsers and removed all pre-existing security exceptions (that I once apparently created when testing SSL pages via IIS since my domain certs were self-created/-signed). Now with all those disturbances gone, the client once again works well-behaved and only sends out the requests I actually type it, since no exceptions are present anymore that could let it to believe that I might prefer an HTTPS attempt.
Thanks for pointing me in the right direction!