What do I need to do inside of Firefox to force it to use http and not constantly switch to https?
formatting link
What do I do inside of Firefox to force Firefox to ask for a router certificate instead of just assuming it's always bad?
It's a long story but the part that relates to Windows & Firefox is that I'm trying to access a Netgear Nighthawk AC1900 Model R7000 router over Ethernet on Windows 10 but I can't get Firefox (version 109.0.1) to allow me to let Firefox just ignore the (s) in the https security.
I set Windows Ethernet to 192.168.1.x because I know the router is
192.168.1.1 and I pressed the factory reset button for 7 seconds so the router should have been reset to admin/password login credentials.
I type "http://192.168.1.1" into Firefox but it changes that to
formatting link
by some Firefox magic that I didn't have any control over.
I keep typing "http" by removing the "s" but it keeps insisting on going to http(s) but it doesn't give me ANY option to just proceed and let me take the risk.
Why doesn't Firefox let me proceed with http? Why can't Firefox just ask for the certificate? Why won't Firefox let me do what I want to do?
It's so frustrating because I don't understand what is preventing me from just going to http instead of https (which is NOT where I want to go).
I looked at ALL the settings inside Firefox and can't find where the setting is to let me go to http instead of https (or at least ASK me if I feel safe enough to go to http which I do since this is just a router).
Please help me. (For now, I gave up on Firefox and am going to try 'tftp' on Windows next.)
On 03 Feb 2023, Incubus snipped-for-privacy@gmail.com wrote in alt.comp.software.firefox:
How about HTTPS-Only Mode, under Privacy & Security?
==========
HTTPS provides a secure, encrypted connection between Firefox and the websites you visit. Most websites support HTTPS, and if HTTPS-Only Mode is enabled, then Firefox will upgrade all connections to HTTPS.
[ ] Enable HTTPS-Only Mode in all windows (Manage Exceptions...) [ ] Enable HTTPS-Only Mode in private windows only [x] Don't enable HTTPS-Only Mode
Frankly I expect that it's your router doing that rather than Firefox, because it doesn't make sense that Firefox would be doing it. Or maybe you're somehow getting confused by the URL suggestions.
To answer for sure, on Linux you could use: "wget --spider http://192.168.1.1/"And see whether the output shows the router responding with a redirect to
formatting link
You can probably find a port of Wget to Windows 10, I had one that I used with XP. Maybe try the suggestions below before bothering with that anyway.
I think your router is doing the HTTPS thing, not Firefox. The routerlogin.net domain is supposed to resolve to the router, rather than to a server on the internet. I guess they do this to make HTTPS work.
This seems to suggest the above purpose of routerlogin.net:
formatting link
Perhaps you've got DNS-over-HTTPS enabled in Firefox and as such the router's DNS lookup isn't being used, so it's not able to find the router. You can turn this off with a checkbox in the Firefox settings menu (it's a bit burried). In Firefox version 102.7.0esr:
General -> Network Settings (bottom of page, "Settings..." button) -> Enable DNS over HTTPS (uncheck checkbox, at bottom of page)
If it's already unchecked, perhaps you could also have another DNS server configured in Windows. I don't know how Windows 10 does DNS settings, so you'll have to figure that out for yourself if required.
Or if you were right and Firefox changing http to https in the URL bar was the only problem, these settings are how I've disabled a similar behaviour, in about:config (but I think it actually fixes a problem slightly different to what you've described):
I can certainly still visit http sites in Firefox if I type the URL as such.
That sounds like a dead end, unless you're actually trying to flash a new firmware image on the router, in which case it might solve your access problem if the new firmware doesn't use routerlogin.net anymore (but I expect they'll have kept things the same so that people's bookmarks of the router log-in page still work).
When I did that the strange thing is I was able to get, momentarily, a log in into the router but then it reverted instantly back to wanting https!
formatting link
I wasn't on the Internet as I had to disable the Wi-Fi to use Ethernet and as soon as I hit the green submit button, it went immediately to this.
formatting link
But let me try your suggestion with another Windows 10 machine and another Firefox as I was previously testing it on a borrowed fat laptop because my thin laptop doesn't have any Ethernet ports (it only has the USB ports).
The borrowed fat laptop had Wi-Fi so I had to turn that off too, but the desktop I'm going to try it on only has Ethernet so maybe that will help?
(I have a thin laptop so in the future, is there a way to convert the USB-A or USB-C or the HDMI on the thin Windows 10 laptops to Ethernet instead?)
I solved it but I can't really say what specific action solved it because almost everything made no sense because it all "should" have been working.
I had two main problems, one of which is the router stopped accepting the login/password for reasons unknown to me and the second was that as a result of that first problem (which had nothing to do with Firefox), I did a (whole bunch of) factory resets to try to log into the router, but that's when the Firefox wouldn't let me log in and wouldn't let me choose to not worry about the lack of a bona fide certificate either.
The solution should have come to me sooner, which was to use SRWare Iron (I didn't try any other browser than Iron so others may have worked also).
It's definitely a problem with Firefox though as there was ANOTHER problem which only showed up with Firefox, which was that I couldn't hit the "Apply" button whenever I changed some settings in Firfox, and yet I could hit that same "Apply" button when I switched to SRWare Iron to do it.
It could be my Firefox settings though, but what happened was a dialog box asking for an "OK" popped up in SRWare Iron, but not in Firefox.
I suspect it was something similar that prevented me from logging in also. But I don't know for sure why SRWARe Iron worked with http://192.168.1.1 but Firefox would never let me log in when I used a http://192.168.1.1 url.
In the end, I was able to flash the latest firmware from what appears to be from 12/13/1020 (R7000-V1.0.11.100_10.2.100.chk) to what is now version R7000-V1.0.11.136_10.2.120.chk from what appears to be 7/29/2022 based on these two reference urls I found in the Netgear download support site.
formatting link
I tried flashing it using the Windows tftp procedure described here.
formatting link
what finally worked was when I switched to a different tftp client.
formatting link
If you read those links, you'll see it takes a bit of delicate swearing at just the right moment to ensure that all goes well without bricking.
The great news is that after a few hours of repeating the same steps over and over and over (which is the definition of insanity anywhere else other than with routers), when I switched to SRWare Iron, things began working right because the hidden dialog boxes were popping up.
I don't blame Firefox because I'm sure I changed settings here and there based on what was suggested in this newsgroup in the past, but what I will do next time is switch browsers and tftp clients sooner than I did today.
The router may even use HSTS, which is a way for the router to say to the browser "I know that you've used https to me in the past, so don't ever use plain http again".
In that screenshot-49.png, notice the crossed-out padlock in the address bar. The router does not have a site certificate for its internal web server, so the router cannot use HTTPS. The user is connecting via HTTP, and why the cross-out padlock appears to warn HTTPS is *not* being used.
The router is an intranet host of the OP's network. Why would it need to use HTTPS? Also, Firefox cannot upgrade a connection to HTTPS if the site does not support it. All Firefox is doing is checking if an HTTPS connect is allowed when the user instead specified HTTP. For sites that do support HTTPS, they [should] redirect an HTTP connect to an HTTPS web page, so Firefox's HTTPS-Only Mode is redundant (and can interfere with the programmed navigation at the site).
The pic shows HTTPS was not used when getting the start.htm web page in the router's internal web server. The OP's screenshot shows HTTPS was
*not* used to connect to the start.htm web page in the router. The OP said the router reverted to wanting HTTPS, but didn't show a pic of that router's web page or mention the URL. Did the OP get to start.htm okay using HTTP, and then the same page refreshed trying to use HTTPS, and Firefox then displayed an error page? The OP shows he got to start.htm in his router's web server. Where's the info on what happened for the "revert" to HTTPS?
The cross-out padlock icon in the address will always be shown when connecting to an HTTP web document. It's to alert you that the connection is not secure, not that the connection failed.
No, that means that you are not using a secure connection, not necessarily that it is not available. The OP mentioned connecting to it via https, but could not accept the certificate because he didn't get the option to click (because pop ups were blocked, I guess).
Firefox, I understand, had at that point disabled the option to force https in config.
I thought curl was not in Windows, but I just checked, and, by golly, it is there. Is this new? I used to have to install wget, but I'll use curl now!
As for the problems I saw yesterday, I have read all the advice in all the newsgroups and I have done some experiments (much to my later regret).
You're all probably correct that it's not Firefox's fault, but mine for not realizing what the problem really was until long after I worked around it.
If I take the same approach that Vanguard took of looking at my own screenshots, I noticed this was taken at 8:51 am after the factory reset.
formatting link
I had taken lots of screenshots and rearranged and deleted many so the numbering system got messed up, but this screenshot was taken at 9:09 am.
formatting link
This morning, to test what happened yesterday, I made the (big) mistake of resetting the Netgear R7000 router back to factory defaults. I did this so that I could test the sequence of what happened, but using Iron instead.
What happened with Iron was completely different than it was with Firefox.
I don't blame Firefox because I have messed with the Firefox about:config settings as suggested in this newsgroup - where I think I figured it out.
Notice that at 8:51 am I was able to connect over Ethernet cable from the Windows PC to the router using a http://192.168.1.1 URL but not at 9:09.
What's different between 9:51 am yesterday and 9:09 am yesterday?
I don't know, but I "think" what happened was the initial log in _always_ worked. It's just every page _after_ that initial login seem to ask for http(s) URLs (which the router must have redirected it to - not me!).
And then, remember that I only figured out that a missing dialog was occurring when I later tried to remove the broadcast SSID checkbox.
With Firefox, it wouldn't let me do that, but Iron came up with this: "WPS requires SSID broadcasting in order to work. If you make this change, WPS will become inaccessible. Do you want to continue?"
It wouldn't do anything until I hit the extraneous "OK" in that warning.
With that in mind, I "think" the problem with the initial login was there may have been a similar "OK" that needed to be checked, but I didn't see it in Firefox.
Of course, today I tried to test that theory out, but I immediately realized I hurt myself by doing that, and so I regret following the advice!
I'm not mad at people for suggesting the advice of course, but I'm mad at myself because I screwed it up not knowing what would happen in the test.
I summarized this in the other thread asking about tftp software, as [1] Yesterday I set the router to factory defaults [2] When I finally logged in with Iron, I set the same old password [3] At some point yesterday, I flashed to the latest router firmware [4] Many times I logged in - and the old 8-character password worked
Unbeknownst to me, the new firmware _allowed_ the old password but the new firmware doesn't allow you to _set_ an old password after a factory reset.
So now, of all my routers, this one router has a different password. All because I tried to test what you were nicely telling me all along.
I should have just believed you instead of testing it out for myself.
I see now that curl.exe has been part of Windows 10 since build 17063.
formatting link
"On December 19 2017, Microsoft announced that since insider build 17063 of Windows 10, curl is a default component. The initial curl version Microsoft shipped was 7.55.1 but it was upgraded to 7.79.1 in January 2022. The curl tool shipped with Windows is built by and handled by Microsoft. It is a separate build that will have different features and capabilities enabled and disabled compared to the Windows builds offered by the curl project. They do however build curl from the same source code. You can probably assume that the curl packages from Microsoft will always lag behind the versions provided by the curl project itself."
You don't even have to "enable" curl in Windows 10 like I had to enable tftp to push the router firmware onto the router without using Firefox. tftp -i 192.168.1.1 put R7000-V1.0.11.136_10.2.120.chk
I originally thought of using tftp only because I couldn't log in using Firefox and when I researched the steps, I found out a login isn't needed.
The first thing you do is reset a booted-up Netgear R7000 router to factory defaults by holding the power button for 7 seconds until the white power light blinks amber.
Then you make sure the Windows PC Ethernet port is set to the same subnet.
I had to first find the exact spelling name of the Ethernet port. netsh interface ip show interface connected Ethernet ipconfig /all Ethernet adapter Ethernet: Autoconfiguration IPv4 Address. . : 169.254.89.111 Subnet Mask . . . . . . . . . . . : 255.255.0.0
Then I had to set it to anything other than 192.168.1.{0,1,255}. netsh interface ip set address name="Ethernet" static 192.168.1.10 255.255.255.0 192.168.1.1
Then I could tftp the latest firmware onto the Netgear R7000 router but here's where the sequence gets a little hairy in the specific steps.
tftp -i 192.168.1.1 put R7000-V1.0.11.136_10.2.120.chk Caution: Do not press Enter until you are instructed to do so!
Unplug all other Ethernet connections from your router. Leave only your computer connected to the router by the Ethernet.
Turn your R7000 router off for 10 seconds. Turn your router back on. Wait for the Power LED to light orange and start flashing.
When the R7000 Power LED is flashing, return to the command window tftp. Now press Enter to execute the tftp command in the Windows 10 command line. tftp -i 192.168.1.1 put R7000-V1.0.11.136_10.2.120.chk
This will initiate the firmware upload to the R7000 router. Wait about 4 minutes for the router to finish storing the firmware. When finished, the Power LED turns solid white & the wireless LEDs light.
I only used tftp because I thought it would log into the router when Firefox wouldn't let me log into the router, but I've only realized after I posted this thread that tftp doesn't actually "log in" to anything.
It just pushes/gets files, I think.
It seems strange (at least to me) that Windows 10 tftp does not first log into the router with a username and password.
It seems to me like a security hole waiting to happen, but I guess if someone already have your router in their hands, it's already theirs.
I think everyone is right that it was my Firefox settings which must have been "hiding" something that popped up in that Netgear https redirect link.
In a way, I would like to blame Netgear for inserting that redirect though. http://192.168.1.1 redirected to
formatting link
For two days now I have been pondering what actually happened, and I have come to the realization it can probably only be reproduced the first time you log into the Netgear R7000 router directly following a factory reset.
A normal login attempt to the router does NOT redirect to an https URL. But the first login after a factory reset DOES redirect to an https URL.
If that's right, this https issue is a Netgear-inserted encumbrance.
If my assumption is correct, it was that inserted Netgear redirect that was trying to get to an http(s) server in order to set these options.
formatting link
Pressing any button on that initial one-time-only page above is what brought me to the https link of
formatting link
I don't think that https page pops up at any other time, but since I had just reset the router and since I was logging into the router firmware to set it up, I was stopped cold at that web page when I first posted this.
Thanks for all your help for using Firefox to set up the Netgear R7000.
This does not happen (and never has) with Firefox on my Win10 machine. Since the server that hosts the websites that you visit determine whether the site is http: or https:, Firefox doesn't set that header in any case. It might have a setting to prevent visiting http:, but I've never used that so can't help you there.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.