HTTPS > HTTP > HTTPS redirects

My domain name (ww2civildefence.co.uk) is being redirected from one 301 to another before reaching the main site:

https://ww2civildefence.co.uk/ > http://www.ww2civildefence.co.uk/

http://www.ww2civildefence.co.uk/ .> https://www.ww2civildefence.co.uk/

301 > 301 > 200 OK

So from https to http and then to https again.

Is this usual or is there something I can do to rectify this?

This is output from “curl”…

  • Trying 199.34.228.77:443…
  • TCP_NODELAY set
  • Connected to ww2civildefence.co.uk (199.34.228.77) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • ALPN, server accepted to use http/1.1
  • Server certificate:
  • subject: CN=www.ww2civildefence.co.uk
  • start date: Jan 20 13:20:36 2022 GMT
  • expire date: Apr 20 13:20:35 2022 GMT
  • subjectAltName: host “ww2civildefence.co.uk” matched cert’s “ww2civildefence.co.uk
  • issuer: C=US; O=Let’s Encrypt; CN=R3
  • SSL certificate verify ok.

GET / HTTP/1.1
Host: ww2civildefence.co.uk
User-Agent: curl/7.68.0
Accept: /

GET / HTTP/1.1
Host: www.ww2civildefence.co.uk
User-Agent: curl/7.68.0
Accept: /

  • Mark bundle as not supporting multiuse
    < HTTP/1.1 301 Moved Permanently
    < Date: Mon, 07 Mar 2022 17:36:39 GMT
    < Server: Apache
    < Set-Cookie: is_mobile=0; path=/; domain=www.ww2civildefence.co.uk
    < Vary: X-W-SSL,User-Agent
    < Location: https://www.ww2civildefence.co.uk/
    < X-Host: blu85.sf2p.intern.weebly.net
    < X-UA-Compatible: IE=edge,chrome=1
    < Content-Length: 382
    < Content-Type: text/html; charset=UTF-8
    <
  • Ignoring the response-body
  • Connection #1 to host www.ww2civildefence.co.uk left intact
  • Issue another request to this URL: ‘https://www.ww2civildefence.co.uk/
  • Trying 199.34.228.77:443…
  • TCP_NODELAY set
  • Connected to www.ww2civildefence.co.uk (199.34.228.77) port 443 (#2)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • ALPN, server accepted to use http/1.1
  • Server certificate:
  • subject: CN=www.ww2civildefence.co.uk
  • start date: Jan 20 13:20:36 2022 GMT
  • expire date: Apr 20 13:20:35 2022 GMT
  • subjectAltName: host “www.ww2civildefence.co.uk” matched cert’s “www.ww2civildefence.co.uk
  • issuer: C=US; O=Let’s Encrypt; CN=R3
  • SSL certificate verify ok.

GET / HTTP/1.1
Host: www.ww2civildefence.co.uk
User-Agent: curl/7.68.0
Accept: /

  • Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < Date: Mon, 07 Mar 2022 17:36:40 GMT
    < Server: Apache
    < Set-Cookie: is_mobile=0; path=/; domain=www.ww2civildefence.co.uk
    < Vary: X-W-SSL,Accept-Encoding,User-Agent
    < Set-Cookie: language=en; expires=Mon, 21-Mar-2022 17:36:40 GMT; Max-Age=1209600; path=/
    < Cache-Control: private
    < ETag: W/“3bf81dab72f7c89d2ad4587a5808e130”
    < X-Host: grn92.sf2p.intern.weebly.net
    < X-UA-Compatible: IE=edge,chrome=1
    < Transfer-Encoding: chunked
    < Content-Type: text/html; charset=UTF-8
    <
  • Connection #2 to host www.ww2civildefence.co.uk left intact

The question is where the https://ww2civildefence.co.uk/ redirect comes from? This looks like a “Redirect to www.” type rule, but it is redirecting to the http:// URI instead.

Do you have something on the origin configured to do this redirection where you can configure the destination explicitly?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.