On 10.02.2016 23:23, Alexander Sabourenkov wrote:
> But if it is your intention to serve exim.org over http, you should remove
> that header. It just might be that I hit some of the domains in https mode
> and HSTS mode got set for the whole domain, maybe with some weird
> dependency on the certificate.
>
> Also, what is the bugzilla cookie doing here?
As Nigel mentioned - (www.)?exim.org is not served via https so you're hitting
default https site on this ip - which is the bugs.exim.org. You'd get exactly
the same thing with
https://131.111.8.88/
Unfortnately - if you hit the
https://exim.org then your browser saved HSTS
information and will redirect you to https - you need to cleanup state:
http://classically.me/blogs/how-clear-hsts-settings-major-browsers
>From my point of view - this is little misconfiguration - the admin should
setup small virtual host that would be default for https - without HSTS and
probably redirecting to
http://www.exim.org (so the bugzilla wouldn't be the
default one).
best regards
--
Marcin Gryszkalis, PGP 0xA5DBEEC7
http://fork.pl/gpg.txt
