homepage Welcome to WebmasterWorld Guest from 54.234.2.88
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
accessing other files when using ssl
Wayder




msg:3137451
 8:05 pm on Oct 27, 2006 (gmt 0)

I am implementing ssl in a site and I am forcing https in certain directories by using the following in .htaccess

RewriteCond %{SERVER_PORT}!^443$
RewriteRule (.*) https://www.mydomain.co.uk/mydir/$1 [R=301,L]

As I have read in several places that SE’s can recognise https instead of http I am thinking of forcing http from root.

RewriteCond %{SERVER_PORT}!^80$
RewriteRule (.*) [mydomain.co.uk...] [R=301,L]

However I found that I get multiple warnings from IE because my css file and a few images are being called from non-secure locations.

I can make a secure directory with all the files & images I need but that is a duplication and I would like to find a smarter alternative.

Any suggestions?

Thanks

Ray…

 

jdMorgan




msg:3137611
 11:07 pm on Oct 27, 2006 (gmt 0)

Try using *NIX symlinks (symbolic links), for example, symlinking a "new" secure css directory to the pre-existing non-secure css file directory. You can then force SSL on the new secure directory, which will appear to contain copies of the symlinked files. Not ideal, perhaps, but it prevents having to have real copies of the files in two directories.

Jim

cduke250




msg:3145656
 4:03 am on Nov 4, 2006 (gmt 0)

I used to run into this problem consistently and finally I found something that worked.

On on of my secure sites, lets say https://www.example.com/htaccess/ I wanted to give my visitors the option to post youtube videos and google videos. But then everyone kept seeing the "warning, mixed secure/non-secure content" on a page that had one of these videos.

I basically did a str_replace on all posts text for [video.google.com...] and [youtube.com...] to change them to https://www.example.com/htaccess/

Then I used the following rewrite code:

RewriteEngine On
RewriteBase /
RewriteRule ^htaccess/googleplayer\.swf(.*)$ http://video.google.com/googleplayer.swf$1 [L]
RewriteRule ^htaccess/youtube/(.*)$ http://www.youtube.com/$1 [L]

and it worked!

But one caveat, this wouldn't turn the warning messages off in IE < version 7, so I added some simple HTML to the head of all my pages that only show up for people using IE < version 7.

<!--[if lt IE 7]>
<span id="ie7">Please Upgrade:
<a href="http://www.microsoft.com/windows/ie/downloads/default.mspx?mg_id=10013">IE 7!</a> ¦<a href="http://www.mozilla.com/en-US/">FF!</a></span>
<![endif]–>

Cool huh!

[edited by: jdMorgan at 1:29 pm (utc) on Nov. 4, 2006]
[edit reason] Examplified [/edit]

Wayder




msg:3153952
 1:19 am on Nov 12, 2006 (gmt 0)

I eventually opted for two directories.

To make sure that I dont forget anything, I created a script that checks the files in the two directories and copies any newer or missing files across. I regularly call this using cron.

Not what I wanted to do, but it works.

Thanks fer yer help :)

jdMorgan




msg:3153982
 2:25 am on Nov 12, 2006 (gmt 0)

With symlinks, you could have saved the bother. Simply create a "fake secure" directory, symlinked to the real directory. One directory, two filepath names. No copying or updating needed.

If you've only ever worked with Windows, a symlink is simliar to a Windows "Shortcut," but more powerful.

Jim

Citrus




msg:3154544
 9:25 pm on Nov 12, 2006 (gmt 0)

If you have your ssl virtualhost in your Appache config file pointing to the same document root as the non-ssl virtualhost for that domain then it should be able to serve any file from that directory as ssl or non ssl, I think.
I may be mistaken though but it works for me...

Chris

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved