Https not enabled, but still served = broken styles

I have a site in which the URL settings are enabled for http, but not https¹.

Unfortunately, some people still come in via https², and Matrix serves the pages over SSL, but the dynamically generated links³ are still served as http and the page is 'broken'.

I guess the question is: if https is not enabled, why is Matrix even serving the site via https? I would have expected it to automatically rewrite to http. This is a pattern repeated on all of our sites, so it's a system wide problem, not just affecting one site.

Is this a configuration problem with our system? and if so, where?

1) https pages are not cached on our system (is that normal?), so it's slower to load over SSL and we try to avoid it unless necessary

2) Sometimes it's because google sends people to the https version - we're slowly getting on top of this via google webmaster, but it's not the only way they're coming in.

3) eg: mysource_files in the design, linked CSS in the customisation

Generally we handle this by redirecting at the Apache layer back to HTTP if you don't want HTTPS on a particular domain.

If you're a Squiz Supported client your best bet is to contact the support desk, otherwise assuming SSL is offloaded, the rule ends up looking something like:

# Check for SSL offload by Squid, make sure cache_peer contains 'front-end-https=auto' in squid.conf
RewriteCond %{HTTP:Front-End-Https} on [NC]
RewriteRule ^/?(.*) http://YOURADDYGOESHERE/$1 [R,L,QSA]

Google could index your site with HTTPS if you have pages with https anchor links.