XPost: alt.comp.software.firefox, alt.internet.wireless

In alt.comp.software.firefox Incubus <u9536612@gmail.com> wrote:

I type "http://192.168.1.1" into Firefox but it changes that to https://www.routerlogin.net/genie_index.htm by some Firefox magic that I didn't have any control over.

Frankly I expect that it's your router doing that rather than
Firefox, because it doesn't make sense that Firefox would be doing
it. Or maybe you're somehow getting confused by the URL
suggestions.

To answer for sure, on Linux you could use:
"wget --spider http://192.168.1.1/"
And see whether the output shows the router responding with a
redirect to https://www.routerlogin.net/genie_index.htm. You can
probably find a port of Wget to Windows 10, I had one that I used
with XP. Maybe try the suggestions below before bothering with that
anyway.

I keep typing "http" by removing the "s" but it keeps insisting on going to http(s) but it doesn't give me ANY option to just proceed and let me take
the risk.

Why doesn't Firefox let me proceed with http?
Why can't Firefox just ask for the certificate?
Why won't Firefox let me do what I want to do?

It's so frustrating because I don't understand what is preventing me from just going to http instead of https (which is NOT where I want to go).

I looked at ALL the settings inside Firefox and can't find where the
setting is to let me go to http instead of https (or at least ASK me if I feel safe enough to go to http which I do since this is just a router).

I think your router is doing the HTTPS thing, not Firefox.
The routerlogin.net domain is supposed to resolve to the router,
rather than to a server on the internet. I guess they do this to
make HTTPS work.

This seems to suggest the above purpose of routerlogin.net: https://www.netgear.com/business/services/aplogincom/

Perhaps you've got DNS-over-HTTPS enabled in Firefox and as such
the router's DNS lookup isn't being used, so it's not able to find
the router. You can turn this off with a checkbox in the Firefox
settings menu (it's a bit burried). In Firefox version 102.7.0esr:

General -> Network Settings (bottom of page, "Settings..." button)

Enable DNS over HTTPS (uncheck checkbox, at bottom of page)

If it's already unchecked, perhaps you could also have another DNS
server configured in Windows. I don't know how Windows 10 does DNS
settings, so you'll have to figure that out for yourself if
required.

Or if you were right and Firefox changing http to https in the URL
bar was the only problem, these settings are how I've disabled a
similar behaviour, in about:config (but I think it actually fixes a
problem slightly different to what you've described):

browser.fixup.fallback-to-https = false
browser.urlbar.trimURLs = false

I can certainly still visit http sites in Firefox if I type the URL
as such.

(For now, I gave up on Firefox and am going to try 'tftp' on Windows next.)

That sounds like a dead end, unless you're actually trying to
flash a new firmware image on the router, in which case it might
solve your access problem if the new firmware doesn't use
routerlogin.net anymore (but I expect they'll have kept things the
same so that people's bookmarks of the router log-in page still
work).

--
__ __
#_ < |\| |< _#

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 03 Feb 2023, Incubus <u9536612@gmail.com> wrote in alt.comp.software.firefox:

What do I need to do inside of Firefox to force it to use http and
not constantly switch to https?

https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

What do I do inside of Firefox to force Firefox to ask for a
router certificate instead of just assuming it's always bad?

It's a long story but the part that relates to Windows & Firefox
is that I'm trying to access a Netgear Nighthawk AC1900 Model
R7000 router over Ethernet on Windows 10 but I can't get Firefox
(version 109.0.1) to allow me to let Firefox just ignore the (s)
in the https security.

I set Windows Ethernet to 192.168.1.x because I know the router is 192.168.1.1 and I pressed the factory reset button for 7 seconds
so the router should have been reset to admin/password login
credentials.

I type "http://192.168.1.1" into Firefox but it changes that to https://www.routerlogin.net/genie_index.htm by some Firefox magic
that I didn't have any control over.

I keep typing "http" by removing the "s" but it keeps insisting on
going to http(s) but it doesn't give me ANY option to just proceed
and let me take the risk.

Why doesn't Firefox let me proceed with http?
Why can't Firefox just ask for the certificate?
Why won't Firefox let me do what I want to do?

It's so frustrating because I don't understand what is preventing
me from just going to http instead of https (which is NOT where I
want to go).

I looked at ALL the settings inside Firefox and can't find where
the setting is to let me go to http instead of https (or at least
ASK me if I feel safe enough to go to http which I do since this
is just a router).

Please help me.
(For now, I gave up on Firefox and am going to try 'tftp' on
Windows next.)

How about HTTPS-Only Mode, under Privacy & Security?

==========

HTTPS provides a secure, encrypted connection between Firefox and the
websites you visit. Most websites support HTTPS, and if HTTPS-Only Mode
is enabled, then Firefox will upgrade all connections to HTTPS.

[ ] Enable HTTPS-Only Mode in all windows (Manage Exceptions...)
[ ] Enable HTTPS-Only Mode in private windows only
[x] Don't enable HTTPS-Only Mode

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

What do I need to do inside of Firefox to force it to use http and not constantly switch to https?

https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

What do I do inside of Firefox to force Firefox to ask for a router
certificate instead of just assuming it's always bad?

It's a long story but the part that relates to Windows & Firefox is that
I'm trying to access a Netgear Nighthawk AC1900 Model R7000 router over Ethernet on Windows 10 but I can't get Firefox (version 109.0.1) to allow
me to let Firefox just ignore the (s) in the https security.

I set Windows Ethernet to 192.168.1.x because I know the router is
192.168.1.1 and I pressed the factory reset button for 7 seconds so the
router should have been reset to admin/password login credentials.

I type "http://192.168.1.1" into Firefox but it changes that to https://www.routerlogin.net/genie_index.htm by some Firefox magic that I
didn't have any control over.

I keep typing "http" by removing the "s" but it keeps insisting on going to http(s) but it doesn't give me ANY option to just proceed and let me take
the risk.

Why doesn't Firefox let me proceed with http?
Why can't Firefox just ask for the certificate?
Why won't Firefox let me do what I want to do?

It's so frustrating because I don't understand what is preventing me from
just going to http instead of https (which is NOT where I want to go).

I looked at ALL the settings inside Firefox and can't find where the
setting is to let me go to http instead of https (or at least ASK me if I
feel safe enough to go to http which I do since this is just a router).

Please help me.
(For now, I gave up on Firefox and am going to try 'tftp' on Windows next.)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-03, Nil <rednoise9@rednoise9.invalid> wrote:

How about HTTPS-Only Mode, under Privacy & Security?

==========

HTTPS provides a secure, encrypted connection between Firefox and the websites you visit. Most websites support HTTPS, and if HTTPS-Only Mode
is enabled, then Firefox will upgrade all connections to HTTPS.

[ ] Enable HTTPS-Only Mode in all windows (Manage Exceptions...)
[ ] Enable HTTPS-Only Mode in private windows only
[x] Don't enable HTTPS-Only Mode

When I did that the strange thing is I was able to get, momentarily, a log
in into the router but then it reverted instantly back to wanting https! https://i.postimg.cc/5tNdmWVZ/Screenshot-49.png

I wasn't on the Internet as I had to disable the Wi-Fi to use Ethernet
and as soon as I hit the green submit button, it went immediately to this. https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

But let me try your suggestion with another Windows 10 machine and another Firefox as I was previously testing it on a borrowed fat laptop because my
thin laptop doesn't have any Ethernet ports (it only has the USB ports).

The borrowed fat laptop had Wi-Fi so I had to turn that off too, but the desktop I'm going to try it on only has Ethernet so maybe that will help?

(I have a thin laptop so in the future, is there a way to convert the USB-A
or USB-C or the HDMI on the thin Windows 10 laptops to Ethernet instead?)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: firefox

NOTE: alt.comp.software. and alt.internet.wireless were removed in my
reply. They are not germaine to the issue. From the description, the
problem is with Firefox configuration, hosts file, DNS cache, or the
router using hostnames instead of IP addresses to point at the web pages
into the router's internal web server.

Incubus <u9536612@gmail.com> wrote:

What do I need to do inside of Firefox to force it to use http and not constantly switch to https?

https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

What do I do inside of Firefox to force Firefox to ask for a router certificate instead of just assuming it's always bad?
...

about:preferences#privacy -> HTTPS-Only Mode
Do *not* enable this mode. If a site doesn't support https://, it won't
have an https:// web page. It only supports http://, so you need to
select "Don't enable HTTPS-Only Mode" in Firefox. Or, if you feel
compelled to use Firefox's HTTPS-Only Mode, add an exception; however, I
don't know if it works on IP addresses, allows intranet addresses (192.168.xxx.xxx, 10.0.x.x, etc). You could try adding an exception for routerlogin.net. Easier would be to disable HTTPS-Only Mode in Firefox.

I don't remember ever using a router that has a site certificate. How
would you install it? When you connect to the internal web server in
your router, there's no option to import a site cert. You're connecting
to a local (intranet) host where a site cert is superfluous. You don't
need to encrypt intranet traffic inside your own network when connecting
your host to the router's web server (which should have a login, and
you've changed away from the default password). You don't need to
verify you connected to where you intended, because it's your host on
your intranet.

I type "http://192.168.1.1" into Firefox but it changes that to https://www.routerlogin.net/genie_index.htm by some Firefox magic that I didn't have any control over.

You probably ran some setup software that came with the router. Often
that adds an entry into the hosts file (under
C:\Windows\System32\drivers\etc folder, but you'll need to configure
File Explorer to show hidden and system files). Check your hosts file.
Comment out the routerlogin.net entry in your hosts file. Then Firefox
only has the IP address to use.

My understanding is the hosts file (no filename extension) was to lookup
the IP address when using a hostname, but I would still check the hosts
file. A DNS lookup is required to get from hostname to IP address.
It's possible an entry was add to your DNS Client, a local DNS caching
service. However, DNS lookups only report an IP address for a host, and
don't specify protocol. A DNS lookup on routerlogin.net would return 192.168.1.1 (not http or https protocol). To flush the local DNS cache,
run in an elevated command shell:

ipconfig /flushdns

However, if something keeps adding the entry to your local DNS cache,
you flushing the cache won't last long since something else will re-add
it. Did that setup program that came with the router leave behind a
program that runs on Windows startup or login that would keep re-adding
a DNS entry for routerlogin.net = 192.168.1.1? Disable that startup
program, flush the DNS cache, logout and re-login, and test again.

Another possibility is that connects to a home page on the router's
internal server result in a redirect to another page. You might specify
to connect using 192.168.1.1, you get to the router's web server, but it redirects to another of its web pages which uses the routerlogin.net
hostname. You said you tried http://192.168.1.1 yet the address bar in
Firefox shows you went to https://www.routerlogin.net/genie_index.htm.
A home page doesn't need a path, or the home.html file is assumed at the
root directory at the web server. Looks like you are getting redirected
from the home page to some "genie" web page.

When I log into my router/cable modem, I use http://10.0.0.1. Because I
do NOT use Firefox's HTTPS-Only mode, I can just enter 10.0.0.1, and
Firefox first tries HTTP. The home page is the login page. No path is
needed to get there, so no path is specified in the URL after connecting
my router. Only after logging in successfully does getting to the other
web pages add a path in the URL (e.g., http://10.0.0.1/at-a-glance.htm,
the default info page). For some reason, you're skipping past the login
page, and going to some "genie" page. The router is doing the web page redirection, or maybe genie_index.htm is the home page for your router's internal web server.

Instead of having you run software on your host to setup the modem,
maybe the "genie" page is a wizard to guide you through setup. I've
seen mention that page checks for an Internet (WAN-side) connection,
too. However, since your forcing Firefox to use HTTPS, but the router
only supports HTTP, probably a good reason why the genie page cannot be reached.

If you can connect to the router's web server by disabling HTTPS-Only
mode in Firefox (to allow HTTP connects), I would visit other pages in
the router's web server to see if you get to them using an IP address or
by using a hostname. If navigating its web pages uses the hostname,
you'll need to keep the hosts file entry pointing routerlogin.net to 192.158.1.1.

https://www.netgear.com/support/product/R7000P.aspx#download

I didn't see any "setup" software there that might affect the hosts file
or DNS cache entries. So, to recap, I'd do the following:

- Check the hosts file for a related entry. Don't do any edits or
commenting out until after disabling HTTPS-Only mode in Firefox. The
hosts entry may be needed if other web pages in the router use
hostnames instead of IP addresses.
- Disable HTTPS-Mode in Firefox. You need it using HTTP to connect to
the router. The router doesn't have a site certificate. It cannot
use HTTPS, so stop trying to get Firefox to force use of HTTPS at the
router. You could try defining an exception, but for now just disable
HTTPS-Only mode in Firefox. Lots of users got bad advice on this
option just like they got bad advice on using the HTTPS-Everywhere
add-on of yore. Despite the claims, HTTPS is *not* everywhere.
- Flush the local DNS cache (ipconfig /flushdns).
- Check for any startup programs for the router. You don't need them.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/3/2023 7:31 PM, VanguardLH wrote:

What do I need to do inside of Firefox to force it to use http and not
constantly switch to https?

https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

What do I do inside of Firefox to force Firefox to ask for a router
certificate instead of just assuming it's always bad?
...

I've seen mention that page checks for an Internet (WAN-side) connection, too.

Considering that router has a serious security vulnerability,
I would guess the OP is working on following some procedure
to fix that.

The issue is from the year 2016 or so.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul <nospam@needed.invalid> wrote:

Considering that router has a serious security vulnerability, I would
guess the OP is working on following some procedure to fix that.

The issue is from the year 2016 or so.

My guess is the OP is trying to install firmware updates. One of the
web pages on the router's internal web server is to apply firmware
updates. I don't know if it tries to connect to a web site, or you
specify a file (you separately and previously downloaded) to import via
HTTP to the router. However, since he cannot get onto the router's web
server, he can't get to its firmware update page, and perhaps why he
started another discussion asking about a TFTP client perhaps to see if
he can use that to connect to the router. However, I've yet to see a consumer-grade router that had a built-in FTP server.

Other than the very common vulnerability of routers having a well-known
default password (like "admin" or "password") that users should change
the moment the turn it on and can connect to it via HTTP, what
vulnerability do you know about for this router that isn't covered by a firmware update?

For example, there's:

https://kb.netgear.com/000063636/Security-Advisory-for-Authentication-Bypass-on-Multiple-Products-PSV-2021-0084
(published 2021, so no idea which vulnerability to which you refer)

That's fixed with a firmware update. Of course, just enabling remote management on any router inflicts vulnerability. This one requires the
hacker to be on the OP's intranet. That means physical access to his
networked devices. If someone breaks into my house when I'm not there
(they'll meet me with a handgun if I'm there), I figure my computer is
the least of my worries. The moment they try to steal it, it loses
power, and they'll have to get past the BIOS boot-time password. I
doubt a robber is going to spend the time to sit down at my computer
trying to cull information from it. Since they've gotten physical
access to my intranet, not sure why they would bother trying to hack the router. They're already inside past the router. That's why enabling
remote management of the router is dangerous. Of course, the intruder
could be his kids if they're still living at home. Kids have the time
to invade their parents' hosts and routers. In that case, he should
employ the door locks (and get better ones) for the rooms where are his computer(s), router(s), and cable modem. Physical access almost
guarantees hacking success depending on the skill set of the hacker.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-03, Computer Nerd Kev <not@telling.you.invalid> wrote:

Frankly I expect that it's your router doing that rather than
Firefox, because it doesn't make sense that Firefox would be doing
it. Or maybe you're somehow getting confused by the URL
suggestions.

I solved it but I can't really say what specific action solved it because almost everything made no sense because it all "should" have been working.

I had two main problems, one of which is the router stopped accepting the login/password for reasons unknown to me and the second was that as a
result of that first problem (which had nothing to do with Firefox), I did
a (whole bunch of) factory resets to try to log into the router, but that's when the Firefox wouldn't let me log in and wouldn't let me choose to not
worry about the lack of a bona fide certificate either.

The solution should have come to me sooner, which was to use SRWare Iron
(I didn't try any other browser than Iron so others may have worked also).

It's definitely a problem with Firefox though as there was ANOTHER problem which only showed up with Firefox, which was that I couldn't hit the
"Apply" button whenever I changed some settings in Firfox, and yet I could
hit that same "Apply" button when I switched to SRWare Iron to do it.

It could be my Firefox settings though, but what happened was a dialog box asking for an "OK" popped up in SRWare Iron, but not in Firefox.

I suspect it was something similar that prevented me from logging in also.
But I don't know for sure why SRWARe Iron worked with http://192.168.1.1
but Firefox would never let me log in when I used a http://192.168.1.1 url.

In the end, I was able to flash the latest firmware from what appears to be from 12/13/1020 (R7000-V1.0.11.100_10.2.100.chk) to what is now version R7000-V1.0.11.136_10.2.120.chk from what appears to be 7/29/2022 based on
these two reference urls I found in the Netgear download support site. (https://kb.netgear.com/000061805/R7000-Firmware-Version-1-0-11-100) (https://kb.netgear.com/000065079/R7000-Firmware-Version-1-0-11-136)

I tried flashing it using the Windows tftp procedure described here. (https://kb.netgear.com/000059634/How-do-I-upload-firmware-to-my-NETGEAR-router-using-TFTP-from-the-Microsoft-Windows-Command-Prompt)
but what finally worked was when I switched to a different tftp client. (https://kb.netgear.com/000059633/How-do-I-upload-firmware-to-my-NETGEAR-router-using-a-TFTP-client-on-Microsoft-Windows)

If you read those links, you'll see it takes a bit of delicate swearing
at just the right moment to ensure that all goes well without bricking.

The great news is that after a few hours of repeating the same steps
over and over and over (which is the definition of insanity anywhere
else other than with routers), when I switched to SRWare Iron, things
began working right because the hidden dialog boxes were popping up.

I don't blame Firefox because I'm sure I changed settings here and there
based on what was suggested in this newsgroup in the past, but what I will
do next time is switch browsers and tftp clients sooner than I did today.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

Computer Nerd Kev wrote:

You can probably find a port of Wget to Windows 10

You can, but no need, since it comes with curl as standard ...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-04 04:44, Incubus wrote:

It could be my Firefox settings though, but what happened was a dialog box asking for an "OK" popped up in SRWare Iron, but not in Firefox.

You have pop ups blocked in FF. Default setting, I think.

I commented on this on your other thread.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-04 00:13, Incubus wrote:

On 2023-02-03, Nil <rednoise9@rednoise9.invalid> wrote:

How about HTTPS-Only Mode, under Privacy & Security?

==========

HTTPS provides a secure, encrypted connection between Firefox and the
websites you visit. Most websites support HTTPS, and if HTTPS-Only
Mode is enabled, then Firefox will upgrade all connections to HTTPS.

[ ] Enable HTTPS-Only Mode in all windows   (Manage Exceptions...)
[ ] Enable HTTPS-Only Mode in private windows only
[x] Don't enable HTTPS-Only Mode

When I did that the strange thing is I was able to get, momentarily, a log
in into the router but then it reverted instantly back to wanting https! https://i.postimg.cc/5tNdmWVZ/Screenshot-49.png

That's because the router itself supports https and has a certificate
for it. It is the router itself who is insisting on https.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

Carlos E.R. wrote:

Incubus wrote:

When I did that the strange thing is I was able to get,
momentarily, a log in into the router but then it reverted
instantly back to wanting https!

That's because the router itself supports https and has a certificate
for it. It is the router itself who is insisting on https.

The router may even use HSTS, which is a way for the router to say to
the browser "I know that you've used https to me in the past, so don't
ever use plain http again".

But I'd think that was a little extreme?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: firefox

VanguardLH wrote:

about:preferences#privacy -> HTTPS-Only Mode
Do*not* enable this mode.

At least not without some thought to whether you really want it.

If a site doesn't support https://, it won't
have an https:// web page. It only supports http://, so you need to
select "Don't enable HTTPS-Only Mode" in Firefox. Or, if you feel
compelled to use Firefox's HTTPS-Only Mode, add an exception;

And even then, the exceptions are only temporary, you need to re-add
them every firefox session, I got bored of that eventually.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

"Carlos E.R." <robin_listas@es.invalid> wrote:

Incubus wrote:

Nil <rednoise9@rednoise9.invalid> wrote:

How about HTTPS-Only Mode, under Privacy & Security?

HTTPS provides a secure, encrypted connection between Firefox and the
websites you visit. Most websites support HTTPS, and if HTTPS-Only
Mode is enabled, then Firefox will upgrade all connections to HTTPS.

[ ] Enable HTTPS-Only Mode in all windows   (Manage Exceptions...)
[ ] Enable HTTPS-Only Mode in private windows only
[x] Don't enable HTTPS-Only Mode

When I did that the strange thing is I was able to get, momentarily,
a log in into the router but then it reverted instantly back to
wanting https! https://i.postimg.cc/5tNdmWVZ/Screenshot-49.png

That's because the router itself supports https and has a certificate
for it. It is the router itself who is insisting on https.

In that screenshot-49.png, notice the crossed-out padlock in the address
bar. The router does not have a site certificate for its internal web
server, so the router cannot use HTTPS. The user is connecting via
HTTP, and why the cross-out padlock appears to warn HTTPS is *not* being
used.

The router is an intranet host of the OP's network. Why would it need
to use HTTPS? Also, Firefox cannot upgrade a connection to HTTPS if the
site does not support it. All Firefox is doing is checking if an HTTPS
connect is allowed when the user instead specified HTTP. For sites that
do support HTTPS, they [should] redirect an HTTP connect to an HTTPS web
page, so Firefox's HTTPS-Only Mode is redundant (and can interfere with
the programmed navigation at the site).

The pic shows HTTPS was not used when getting the start.htm web page in
the router's internal web server. The OP's screenshot shows HTTPS was
*not* used to connect to the start.htm web page in the router. The OP
said the router reverted to wanting HTTPS, but didn't show a pic of that router's web page or mention the URL. Did the OP get to start.htm okay
using HTTP, and then the same page refreshed trying to use HTTPS, and
Firefox then displayed an error page? The OP shows he got to start.htm
in his router's web server. Where's the info on what happened for the
"revert" to HTTPS?

The cross-out padlock icon in the address will always be shown when
connecting to an HTTP web document. It's to alert you that the
connection is not secure, not that the connection failed.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox

Note: The OP specified the following newsgroups in his post:
alt.comp.software.firefox
alt.comp.os.windows-10
alt.internet.wireless
When I first replied to the OP, I edited the Newsgroups header to remove
the alt.internet.wireless newsgroup which was irrelevant, and noted my
edit. Somehow I fat-fingered the edit, and the alt.comp.software prefix
got removed from firefox. In this post, I removed the firefox newsgroup (invalid), and readded alt.comp.software.firefox.
If the OP monitors only the Firefox newsgroup instead of each one to
which he cross-posted, he will not see my reply to him in the Firefox
newsgroup (or Andy's reply to me that duplicated the invalid newsgroup
name). The OP should see this post, but will have to visit the Windows
10 newsgroup to see the parent post (my first reply to the OP) and
Andy's reply to mine.


Andy Burns <usenet@andyburns.uk> wrote:

VanguardLH wrote:

about:preferences#privacy -> HTTPS-Only Mode
Do *not* enable this mode.

At least not without some thought to whether you really want it.

The Web did not alter its behavior because Mozilla offered a change in Firefox's behavior. There remains LOTS of sites that do NOT use HTTPS. Enabling HTTPS-Only mode blocks access to HTTP sites unless you add an exception (and do not purge Site Preferences on exit of Firefox). The
point of HTTPS-Only Mode is to block HTTP-only sites. Some sites will
redirect on an HTTP connect to an HTTPS page, but not every site has a
site certificate to utilize HTTPS.

If a site has only public information, does not need to encrypt any of
that public information, has no logins for accounts, and is uninterested
in ensuring you arrived at the site you intended to visit, there is no
need for a site cert. Without a site cert, HTTPS is not possible.

The OP's router does not support HTTPS. Do you know of any that do?
Why would your own intranet host need encrypted traffic and ensure you
connect to it instead of some other intranet host?

If a site doesn't support https://, it won't
have an https:// web page. It only supports http://, so you need to
select "Don't enable HTTPS-Only Mode" in Firefox. Or, if you feel
compelled to use Firefox's HTTPS-Only Mode, add an exception;

And even then, the exceptions are only temporary, you need to re-add
them every firefox session, I got bored of that eventually.

I think that has to do with configuring Firefox to purge Site
Preferences on its exit. I configure Firefox to purge ALL locally
cached data on its exit (there are security issues otherwise). That
means the Site Preferences cache get purged, too. I ran into this when defining exceptions for other options. I'd add an exception, but on the
next Firefox session that exception was gone. When I stopped purging
Site Preferences on exit, those exceptions survived. I'm more
interested in security, so I surrendered the ease of storing exceptions,
and include Site Preferences to purge on Firefox's exit. Under:

about:preferences#privacy
History -> Settings

I have the following locally cached data purged on Firefox's exit:

Browsing & download history
Active logins (*)
Form & search history
Cookies
Cache
Site settings (aka Site Preferences)
Offline website data (aka DOM Storage)

(*) This is nothing to do with cached password in Firefox's password
manager store. It has to do with the old-style method of popping up
dialogs into which you entered login credentials.

So, everything is selected to purge it on exit. That means any
exceptions I add to HTTPS-Only Mode will disappear when I exit Firefox.

For troubleshooting, and because the OP's router doesn't have a site
cert so it cannot employ HTTPS, my suggestion was to make sure
HTTPS-Only Mode is not enabled. If the OP can then connect okay to his
router, it's his choice to add an exception, or reenable HTTPS-Only Mode
and incur the same connect failure the next time he wants to get to the router's internal web server.

Did you configure your Firefox to purge locally cached data on its exit?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-04 19:04, VanguardLH wrote:

"Carlos E.R." <robin_listas@es.invalid> wrote:

Incubus wrote:

Nil <rednoise9@rednoise9.invalid> wrote:

How about HTTPS-Only Mode, under Privacy & Security?

HTTPS provides a secure, encrypted connection between Firefox and the
websites you visit. Most websites support HTTPS, and if HTTPS-Only
Mode is enabled, then Firefox will upgrade all connections to HTTPS.

[ ] Enable HTTPS-Only Mode in all windows   (Manage Exceptions...)
[ ] Enable HTTPS-Only Mode in private windows only
[x] Don't enable HTTPS-Only Mode

When I did that the strange thing is I was able to get, momentarily,
a log in into the router but then it reverted instantly back to
wanting https! https://i.postimg.cc/5tNdmWVZ/Screenshot-49.png

That's because the router itself supports https and has a certificate
for it. It is the router itself who is insisting on https.

In that screenshot-49.png, notice the crossed-out padlock in the address
bar. The router does not have a site certificate for its internal web server, so the router cannot use HTTPS. The user is connecting via
HTTP, and why the cross-out padlock appears to warn HTTPS is *not* being used.

No, that means that you are not using a secure connection, not
necessarily that it is not available. The OP mentioned connecting to it
via https, but could not accept the certificate because he didn't get
the option to click (because pop ups were blocked, I guess).

Firefox, I understand, had at that point disabled the option to force
https in config.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-04, Andy Burns <usenet@andyburns.uk> wrote:

You can probably find a port of Wget to Windows 10

You can, but no need, since it comes with curl as standard ...

I thought curl was not in Windows, but I just checked, and, by golly, it is there. Is this new? I used to have to install wget, but I'll use curl now!

As for the problems I saw yesterday, I have read all the advice in all the newsgroups and I have done some experiments (much to my later regret).

You're all probably correct that it's not Firefox's fault, but mine for not realizing what the problem really was until long after I worked around it.

If I take the same approach that Vanguard took of looking at my own screenshots, I noticed this was taken at 8:51 am after the factory reset. https://i.postimg.cc/5tNdmWVZ/Screenshot-49.png

I had taken lots of screenshots and rearranged and deleted many so the numbering system got messed up, but this screenshot was taken at 9:09 am. https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

This morning, to test what happened yesterday, I made the (big) mistake of resetting the Netgear R7000 router back to factory defaults. I did this so
that I could test the sequence of what happened, but using Iron instead.

What happened with Iron was completely different than it was with Firefox.

I don't blame Firefox because I have messed with the Firefox about:config settings as suggested in this newsgroup - where I think I figured it out.

Notice that at 8:51 am I was able to connect over Ethernet cable from the Windows PC to the router using a http://192.168.1.1 URL but not at 9:09.

What's different between 9:51 am yesterday and 9:09 am yesterday?

I don't know, but I "think" what happened was the initial log in _always_ worked. It's just every page _after_ that initial login seem to ask for
http(s) URLs (which the router must have redirected it to - not me!).

And then, remember that I only figured out that a missing dialog was
occurring when I later tried to remove the broadcast SSID checkbox.

With Firefox, it wouldn't let me do that, but Iron came up with this:
"WPS requires SSID broadcasting in order to work. If you make this change,
WPS will become inaccessible. Do you want to continue?"

It wouldn't do anything until I hit the extraneous "OK" in that warning.

With that in mind, I "think" the problem with the initial login was there
may have been a similar "OK" that needed to be checked, but I didn't see it
in Firefox.

Of course, today I tried to test that theory out, but I immediately
realized I hurt myself by doing that, and so I regret following the advice!

I'm not mad at people for suggesting the advice of course, but I'm mad at myself because I screwed it up not knowing what would happen in the test.

I summarized this in the other thread asking about tftp software, as
[1] Yesterday I set the router to factory defaults
[2] When I finally logged in with Iron, I set the same old password
[3] At some point yesterday, I flashed to the latest router firmware
[4] Many times I logged in - and the old 8-character password worked

Unbeknownst to me, the new firmware _allowed_ the old password but the new firmware doesn't allow you to _set_ an old password after a factory reset.

So now, of all my routers, this one router has a different password.
All because I tried to test what you were nicely telling me all along.

I should have just believed you instead of testing it out for myself.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

Incubus wrote:

I thought curl was not in Windows, but I just checked, and, by golly, it is there. Is this new? I used to have to install wget, but I'll use curl now!

Fairly sure it arrived with Win10.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-04, "Carlos E.R." <robin_listas@es.invalid> wrote:

On 2023-02-04 04:44, Incubus wrote:

It could be my Firefox settings though, but what happened was a dialog box >> asking for an "OK" popped up in SRWare Iron, but not in Firefox.

You have pop ups blocked in FF. Default setting, I think.

I commented on this on your other thread.

I think everyone is right that it was my Firefox settings which must have
been "hiding" something that popped up in that Netgear https redirect link.

In a way, I would like to blame Netgear for inserting that redirect though. http://192.168.1.1 redirected to https://www.routerlogin.net/genie_index.htm

For two days now I have been pondering what actually happened, and I have
come to the realization it can probably only be reproduced the first time
you log into the Netgear R7000 router directly following a factory reset.

A normal login attempt to the router does NOT redirect to an https URL.
But the first login after a factory reset DOES redirect to an https URL.

If that's right, this https issue is a Netgear-inserted encumbrance.

If my assumption is correct, it was that inserted Netgear redirect that
was trying to get to an http(s) server in order to set these options. https://i.postimg.cc/5tNdmWVZ/Screenshot-49.png

Pressing any button on that initial one-time-only page above is what
brought me to the https link of https://www.routerlogin.net/genie_index.htm https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

I don't think that https page pops up at any other time, but since I had
just reset the router and since I was logging into the router firmware to
set it up, I was stopped cold at that web page when I first posted this.

Thanks for all your help for using Firefox to set up the Netgear R7000.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2023-02-04, Andy Burns <usenet@andyburns.uk> wrote:

I thought curl was not in Windows, but I just checked, and, by golly, it is >> there. Is this new? I used to have to install wget, but I'll use curl now!

Fairly sure it arrived with Win10.

I see now that curl.exe has been part of Windows 10 since build 17063.

https://curl.se/windows/microsoft.html
"On December 19 2017, Microsoft announced that since insider build 17063
of Windows 10, curl is a default component. The initial curl version
Microsoft shipped was 7.55.1 but it was upgraded to 7.79.1 in January 2022.
The curl tool shipped with Windows is built by and handled by Microsoft. It
is a separate build that will have different features and capabilities
enabled and disabled compared to the Windows builds offered by the curl project. They do however build curl from the same source code. You can
probably assume that the curl packages from Microsoft will always lag
behind the versions provided by the curl project itself."

You don't even have to "enable" curl in Windows 10 like I had to enable
tftp to push the router firmware onto the router without using Firefox.
tftp -i 192.168.1.1 put R7000-V1.0.11.136_10.2.120.chk

I originally thought of using tftp only because I couldn't log in using
Firefox and when I researched the steps, I found out a login isn't needed.

The first thing you do is reset a booted-up Netgear R7000 router to factory defaults by holding the power button for 7 seconds until the white power
light blinks amber.

Then you make sure the Windows PC Ethernet port is set to the same subnet.

I had to first find the exact spelling name of the Ethernet port.
netsh interface ip show interface
connected Ethernet
ipconfig /all
Ethernet adapter Ethernet:
Autoconfiguration IPv4 Address. . : 169.254.89.111
Subnet Mask . . . . . . . . . . . : 255.255.0.0

Then I had to set it to anything other than 192.168.1.{0,1,255}.
netsh interface ip set address name="Ethernet" static 192.168.1.10 255.255.255.0 192.168.1.1

Then I could tftp the latest firmware onto the Netgear R7000 router
but here's where the sequence gets a little hairy in the specific steps.

tftp -i 192.168.1.1 put R7000-V1.0.11.136_10.2.120.chk
Caution: Do not press Enter until you are instructed to do so!

Unplug all other Ethernet connections from your router.
Leave only your computer connected to the router by the Ethernet.

Turn your R7000 router off for 10 seconds.
Turn your router back on.
Wait for the Power LED to light orange and start flashing.

When the R7000 Power LED is flashing, return to the command window tftp.
Now press Enter to execute the tftp command in the Windows 10 command line. tftp -i 192.168.1.1 put R7000-V1.0.11.136_10.2.120.chk

This will initiate the firmware upload to the R7000 router.
Wait about 4 minutes for the router to finish storing the firmware.
When finished, the Power LED turns solid white & the wireless LEDs light.

I only used tftp because I thought it would log into the router when
Firefox wouldn't let me log into the router, but I've only realized after I posted this thread that tftp doesn't actually "log in" to anything.

It just pushes/gets files, I think.

It seems strange (at least to me) that Windows 10 tftp does not first log
into the router with a username and password.

It seems to me like a security hole waiting to happen, but I guess if
someone already have your router in their hands, it's already theirs.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 2/3/2023 5:21 PM, Incubus wrote:

What do I need to do inside of Firefox to force it to use http and not constantly switch to https?
https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

What do I do inside of Firefox to force Firefox to ask for a router certificate instead of just assuming it's always bad?

It's a long story but the part that relates to Windows & Firefox is that
I'm trying to access a Netgear Nighthawk AC1900 Model R7000 router over Ethernet on Windows 10 but I can't get Firefox (version 109.0.1) to allow
me to let Firefox just ignore the (s) in the https security.
I set Windows Ethernet to 192.168.1.x because I know the router is 192.168.1.1 and I pressed the factory reset button for 7 seconds so the router should have been reset to admin/password login credentials.

I type "http://192.168.1.1" into Firefox but it changes that to https://www.routerlogin.net/genie_index.htm by some Firefox magic that I didn't have any control over.

I keep typing "http" by removing the "s" but it keeps insisting on going to http(s) but it doesn't give me ANY option to just proceed and let me take
the risk.

Why doesn't Firefox let me proceed with http?
Why can't Firefox just ask for the certificate?
Why won't Firefox let me do what I want to do?

It's so frustrating because I don't understand what is preventing me from just going to http instead of https (which is NOT where I want to go).

I looked at ALL the settings inside Firefox and can't find where the
setting is to let me go to http instead of https (or at least ASK me if I feel safe enough to go to http which I do since this is just a router).

Please help me.
(For now, I gave up on Firefox and am going to try 'tftp' on Windows next.)

This does not happen (and never has) with Firefox on my Win10 machine.
Since the server that hosts the websites that you visit determine
whether the site is http: or https:, Firefox doesn't set that header in
any case. It might have a setting to prevent visiting http:, but I've
never used that so can't help you there.

--
best regards,

Neil

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On 03/02/2023 22:21, Incubus wrote:

What do I need to do inside of Firefox to force it to use http and not constantly switch to https?
https://i.postimg.cc/Vs3wPhqC/Screenshot-48.png

What do I do inside of Firefox to force Firefox to ask for a router certificate instead of just assuming it's always bad?

It's a long story but the part that relates to Windows & Firefox is that
I'm trying to access a Netgear Nighthawk AC1900 Model R7000 router over Ethernet on Windows 10 but I can't get Firefox (version 109.0.1) to allow
me to let Firefox just ignore the (s) in the https security.
I set Windows Ethernet to 192.168.1.x because I know the router is 192.168.1.1 and I pressed the factory reset button for 7 seconds so the router should have been reset to admin/password login credentials.

I type "http://192.168.1.1" into Firefox but it changes that to https://www.routerlogin.net/genie_index.htm by some Firefox magic that I didn't have any control over.

I keep typing "http" by removing the "s" but it keeps insisting on going to http(s) but it doesn't give me ANY option to just proceed and let me take
the risk.

Why doesn't Firefox let me proceed with http?
Why can't Firefox just ask for the certificate?
Why won't Firefox let me do what I want to do?

It's so frustrating because I don't understand what is preventing me from just going to http instead of https (which is NOT where I want to go).

I looked at ALL the settings inside Firefox and can't find where the
setting is to let me go to http instead of https (or at least ASK me if I feel safe enough to go to http which I do since this is just a router).

Please help me.
(For now, I gave up on Firefox and am going to try 'tftp' on Windows next.)

Let it go to https but add a security exception for the page.

--
Brian Gregory (in England).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.software.firefox, alt.internet.wireless

On Sun, 5 Feb 2023 16:40:40 -0000 (UTC), Incubus <u9536612@gmail.com>
wrote:

The first thing you do is reset a booted-up Netgear R7000 router to factory >defaults by holding the power button for 7 seconds until the white power >light blinks amber.

Then you make sure the Windows PC Ethernet port is set to the same subnet.

I had to first find the exact spelling name of the Ethernet port.
netsh interface ip show interface
connected Ethernet
ipconfig /all
Ethernet adapter Ethernet:
Autoconfiguration IPv4 Address. . : 169.254.89.111
Subnet Mask . . . . . . . . . . . : 255.255.0.0

Then I had to set it to anything other than 192.168.1.{0,1,255}.
netsh interface ip set address name="Ethernet" static 192.168.1.10 255.255.255.0 192.168.1.1

By the way, Windows has a GUI for accomplishing all of this
network-related stuff, largely unchanged since Win95.

Also, I assume you know why .1, .0, and .255 were off the table when you
were picking an IP address.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)