Default Web access protocol

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
strange
DD-WRT User


Joined: 18 Jun 2006
Posts: 229

PostPosted: Thu Nov 10, 2022 1:07    Post subject: Default Web access protocol Reply with quote
Since many browsers now by default give warnings or try to block http protocol websites in favor of https protocol would it be possible to have both http and https protocols selected in the Administration/Management tab by default? I know about the self-signed cert issue but IMHO it would make initial set-up a bit easier after doing a nvram erase.
_________________
Netgear XR500 - Gateway
R6700 v3 - Station Bridge
Sponsor
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Thu Nov 10, 2022 8:19    Post subject: Reply with quote
Maybe self-signed cert issue will be resolved in the future or not, anyway isn't this easily solved with about:config?
https://stackoverflow.com/questions/30532471/firefox-redirects-to-https?answertab=trending#tab-top
recommended browsers, troubleshooting, dd-wrt, etc.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Nov 10, 2022 9:12    Post subject: Reply with quote
Self signed certificate will always remain, I doubt very very much BS will ever make a Chain certificate to install browsers side to get rid of the stupid, meaningless and inconsequential browser side warnings. Still would require hoops to jump through to import this and install properly.

Browser makers dont care that Routers and NAS other devices with web interfaces exist with self signed certificates and are not regular websites.

Anyway, while most people see this as an issue, its not, its neither less secure nor a security risk.

As for enabling both HTTP/S its doable, though I fail to see how it will make anything easier to setup, it will still be a soup browser side, I know because I have both enabled when I try to connect to HTTP only the browser switches it to HTTPS (and I dont have HTTPS only enabled), so I still have to fight the browser.

And how hard is it to check one box and click apply?

Also I see this becoming an issue, where then users may think they are connecting securely and end up with this not being the case, so for me its a hard pass for ALL users change. No devices out there come with HTTP/S both enabled.

The only real annoyance with DD-WRT certificates is that at every upgrade you need to add another HTTPS exception, and in my case, I end up with 100+ exceptions browser side as certificates are generated at compile time so dates dont match.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Thu Nov 10, 2022 10:51    Post subject: Reply with quote
I agree but we have to face reality http is phased out by default. Also, about:config is not about https-only mode.

network.stricttransportsecurity.preloadlist = false
browser.fixup.fallback-to-https = false
dom.security.https_first = false
dom.security.https_first_pbm = false

https://bugzilla.mozilla.org/show_bug.cgi?id=1773047 <--- lol sigh
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Nov 10, 2022 11:28    Post subject: Reply with quote
That's Firefox only, not everyone uses Firefox and not everyone that uses it, including me does that advanced config and we cannot ask people to do it and then we need to come up with browsers specific similar advanced config.

In addition until HTTP is utterly unsupported nothing will change and then not all routers have HTTPS support and many user devices with web interface dont even have HTTPS options. That's a problem for browser/device vendors, and browsers do not cater to any of these specifically, for browser makers a web page is a web page and this is dumb and stupid.

This ultimately is a discussion for this suggestion, all pros and cons should be considered and nothing taken lightly, its easy for people to just think about their specific use cases and annoyances and want a solution thats agreeable with them, and consideration must be taken on a myriad of implications.

Anyway, its a trivial change to enable both by default, but I dont see this working out for the best where everyone is concerned.

Personally I dont care, but its not me you have to convince. So a just because reason, wont convince the gatekeeper.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Thu Nov 10, 2022 11:49    Post subject: Reply with quote
I never suggested to enable both, only workaround solutions for https first or redirect and bugzilla https warnings.
As side note, my Netgear EX7500 has both http and https enabled by default with a checkbox for https only mode.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Nov 10, 2022 12:24    Post subject: Reply with quote
Sure you didn't but the OP did and for that a considered argument must be made to convince the gatekeeper, that's my only suggestion as ATM I dont see one.

Your suggestion/workaround is helpful for those who decide to do it especially because it has a widespread impact/implications (unless you have a browser just for DD-WRT), sadly, while FF is more flexible, its not flexible enough to exclude per site basis, but it would be nice if it were possible, same with silly certificate warnings for all affected devices, but I dont see any FF devs with a DD-WRT interest to implement either.

On that note, we recently fixed an issue where DD-WRT devices without SSL and thus no HTTPS, still had the HTTPS checkbox and HTTPS remote access options, this is no more.

I dont enable HTTPS only mode on any of my browsers and still have to fight with it to get HTTP connected, except Tor, still many sites out there still only on HTTP.

Anyway HTTP/S has much to be said about, and while letsencypt offers free certificates its only a yearly one and many sites lets theirs lapse (ive seen a few) because doing it every year is likely too much work. Its the price you pay for free.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
strange
DD-WRT User


Joined: 18 Jun 2006
Posts: 229

PostPosted: Thu Nov 10, 2022 15:35    Post subject: Reply with quote
The only reason why I brought up the http/https suggestion was because I had to fight both Brave and FF browsers a couple of weeks ago when I did an nvram erase. I had forgotten that the current trend (rightfully so, https has unicorn dust Very Happy ) is to push for https. Therefore, I had to hunt through my browser's setting to find where to shut off https only before I could do my initial log-in to my router. It was not a big issue, just a PITA. I've gotten so used to jumping around the self-cert warning it is no big deal. My suggestion, at this point, is purely about convenience, but maybe later on as more browsers move to https only, it might be required.
_________________
Netgear XR500 - Gateway
R6700 v3 - Station Bridge
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Nov 10, 2022 15:54    Post subject: Reply with quote
HTTPS only is not a default browser setting afaik.

https://support.mozilla.org/en-US/kb/https-only-prefs it says there pretty simply and plainly.

Quote:
Secure Connection Not Available

Some websites only support HTTP and the connection cannot be upgraded. If HTTPS-Only Mode is enabled and an HTTPS version of a site is not available, you will see a Secure Connection Not Available page:


Google Chromes cant find it exactly but...
https://9to5google.com/2021/06/29/google-chrome-to-offer-https-only-mode/

Quote:
f you decide to turn the toggle on, Chrome will automatically “upgrade” any website you try to browse from the HTTP version to HTTPS, if available. Since Chrome already defaults to using HTTPS if you don’t specify http:// or https://, this is essentially limited to links that you may click or times when you manually type in an http:// url into the address bar.

If there isn’t an HTTPS version of a site — whether because the site is outdated, or it’s intentionally disabled as is the case for sites like NeverSSL — Chrome will show an interstitial warning page before reverting back to HTTP.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Thu Nov 10, 2022 16:19    Post subject: Reply with quote
This is current Firefox Quantum, and the default settings here are out-of-the-box and have never been touched since this "feature" was added to Firefox. It has also creeped into FF ESR, but has not been forced on Waterfox Classic or Pale Moon that I'm aware of or last checked. You boys can all break out yours for comparison and show me the "money", I'm feeling thirsty and salty <lol>


firefoxquantumhttpsonly.png
 Description:
 Filesize:  74.52 KB
 Viewed:  1257 Time(s)

firefoxquantumhttpsonly.png



_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

PostPosted: Mon Nov 14, 2022 19:13    Post subject: Reply with quote
the-joker wrote:
sadly, while FF is more flexible, its not flexible enough to exclude per site basis

If you are talking about https-only mode, FF has had a Manage Exceptions button in settings for that for years. Recently I moved from vanilla FF to LibreWolf (librewolf.net), a tightened-down FF derivative, and it allows these exceptions to https-only as well. So I keep dd-wrt set to https, but I keep 192.168.1.1 (which my configs never use) as an exception so that it will use http, and nvram erase then causes no issues.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum