internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl

HTTPS Redirect fail on AWS ELB config #1291

Closed KevinAtSesam closed 6 months ago

KevinAtSesam commented 6 months ago

Somewhere in the last month, a change in the HTTPS Redirect test causes certain endpoints to fail... even if the server-side configuration has not changed.

Example

https://internet.nl/site/staging.boldsmartlock.com/2653529/

Your web server does offer support for both HTTP and HTTPS, but does not automatically redirect visitors from HTTP to HTTPS on the same domain.

Curl output

[kevin@fedora ~]$ curl -v  http://staging.boldsmartlock.com
* processing: http://staging.boldsmartlock.com
*   Trying 54.171.255.227:80...
* Connected to staging.boldsmartlock.com (54.171.255.227) port 80
> GET / HTTP/1.1
> Host: staging.boldsmartlock.com
> User-Agent: curl/8.2.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: awselb/2.0
< Date: Wed, 28 Feb 2024 08:50:21 GMT
< Content-Type: text/html
< Content-Length: 134
< Connection: keep-alive
< Location: https://staging.boldsmartlock.com:443/
< 
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
</body>
</html>
* Connection #0 to host staging.boldsmartlock.com left intact

Possible cause

My guess is that the :443 port definition is causing this false positive.

Background

It's also worth noting that this is AWS' default configuration for their load balancers.


mxsasha commented 6 months ago

Thanks for the report, fixed in #1293, will be included in next 1.8 release.
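
The failure mode the reporter suspects, as an added example that is not part of the thread and is neither Internet.nl's code nor the fix in #1293: comparing the raw `host:port` string rejects the ELB's `Location: https://staging.boldsmartlock.com:443/`, while comparing the parsed hostname and effective port accepts it. The function names and the rule that the target must use port 443 are assumptions made for this sketch.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def naive_same_domain(request_url, location):
    """Hypothetical buggy check: compares raw netloc, so ':443' looks like another host."""
    return urlsplit(location).netloc == urlsplit(request_url).netloc


def origin(url):
    """Return (scheme, hostname, effective port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def is_same_host_https_upgrade(request_url, status, location):
    """True if an HTTP response redirects to HTTPS on the same host.

    Assumption for this sketch: the target must be on the default HTTPS
    port, whether written explicitly (':443') or left implicit.
    """
    if status not in REDIRECT_CODES or not location:
        return False
    try:
        req_scheme, req_host, _ = origin(request_url)
        # Resolve relative Location values against the request URL first.
        scheme, host, port = origin(urljoin(request_url, location))
    except ValueError:  # malformed port or host in the Location header
        return False
    return (req_scheme == "http" and scheme == "https"
            and host == req_host and port == 443)


if __name__ == "__main__":
    # Request URL and Location value taken from the curl output in the issue.
    req = "http://staging.boldsmartlock.com/"
    loc = "https://staging.boldsmartlock.com:443/"
    print("naive check:     ", naive_same_domain(req, loc))
    print("normalized check:", is_same_host_https_upgrade(req, 301, loc))
```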