• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 286
  • Last Modified:

ssl error - You're accessing the development server over HTTPS, but it only supports HTTP

Hi Experts

I am working on a wagtail project(like django-cms) I get this error when I run python3 manage.py runserver 0.0.0.0:8000

 
code 400, message Bad request syntax 
  ('\x16\x03\x01\x00®\x01\x00\x00ª\x03\x03³\x06âP\x97Þ%<Sg\x13Ö×[zE\x96\x15?
  \x96\x00\x1ah')
  You're accessing the development server over HTTPS, but it only supports 
  HTTP.

Open in new window


I had changed SECURE_SSL_REDIRECT=FALSE and tested it still i get this same error. I had disabled cache in chrome.

 I had deactivated chorme caching in registry  by following steps.
Deactivate Chrome Cache in the Registry

Open Registry (Start -> Command -> Regedit)

Search for: HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command

Change the part after ...chrom.exe" to this value: –disable-application- cache –media-cache-size=1 –disk-cache-size=1 — "%1"

Example: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" - disable-application-cache –media-cache-size=1 –disk-cache-size=1 — "%1"

I had also tried disable cache from chrome developer tools network -disable cache.

I had also tried by clearing cache from hsts on chrome.

I had also tried from incognito window on chrome. But still I get the same error

It is an Ubuntu machine on AWS(accessed by putty from windows pc).

I access from outside (windows pc - local pc )through http://54.23x.9x.17:8000 I am not able to resolve this error.


I had tried on some other machine.  I got the following error on console for Linux Ubuntu

it is changing to https instead of http and I got "GET / HTTP/1.1" 301 0 on console window


Please help me in resolving this error.

With Many Thanks, Bharath AK
0
Bharath A.K
Asked:
Bharath A.K
  • 3
  • 2
3 Solutions
 
gelonidaCommented:
This is strange. The error message really seems as if you typed
 https://54.23x.9x.17:8000 

Open in new window

instead of

 http://54.23x.9x.17:8000 

Open in new window


Can you open the debug window on your web browser and check (on Firefox for example F12 + click on the network tab and onreload)


Alternatively take any command line tool like curl / wget to simulate a request.
0
 
nociSoftware EngineerCommented:
not using the https everywhere plugin?
BTW, it is better for all parties to DO use HTTPS.
Cost is marginal, if using LetsEncrypt & Certbot for renewals. Esp. on Linux systems.
0
 
gelonidaCommented:
@Bharath A.K and noci
Yeah it could be something like an https everywhere plugin or perhaps a permanent redirect which was caught by the browser.
You could try to use another browser or an anonymous browser window or disable all plugins and delete all history for the given server.


@noci:

regarding HTTP instead of https

the django command
python3 manage.py runserver

Open in new window


is normally used to quickly launch a development server with automatic restart on source code change it is intentionally without HTTPS
and listens by default only on localhost for security reasons.
only by explicetely passing 0.0.0.0 it will listen on all interfaces.

@Bharath A.K

I don't know if the developement server contains sensitive data, but what you could do in order to avoid opening an HTTP port on 0.0.0 you could start the development server only on localhost and use ssh with local portforwarding to create a secured tunel between your PC and the remote server.

Alternatively you could hide the development server behind a reverse proxy.
But I don't know all the features / servers that are available on your AWS
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Bharath A.KAuthor Commented:
Hi Gelonida and Noci,

       I am able to see the application from the browser.  

Steps I had done is do http get from postman for http://54.25x.9x.17:8000,  It was throwing few errors on postman.
Like missing environmental variables like creating facebook-id and providing search path etc.  Once I set the environment variables
It succeeding with 200 ok on postman.  Then I was able to see the application from incognito window on chrome.
Later it started working on normal window and disable cache on network tab with developer tools on chrome.

With Many Thanks,

Bharath AK
0
 
Bharath A.KAuthor Commented:
Hi All,

Thank you so much,  my thinking was to use only browser to check http calls.  From you suggestions, I realized I can do all http tasks in curl, wget and postman.  Thanks for your ideas.  It is really helpful to me

Kind Regards,

Bharath AK
0
 
Bharath A.KAuthor Commented:
Hi All,

The following lines of code in settings.py is causing the ssl error.  Once I commented the below lines.  the error vanished.  I dont know exactly which line was causing the error. Once I comment this out, ssl error vanished.

    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
    SECURE_HSTS_SECONDS = 86400
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True

With many thanks,

Bharath AK
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now