homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Images Not Displayed Only When Using SSL -Help?
Images Not Displayed Only When Using HTTPS, but OK Using HTTP

 10:52 pm on Nov 5, 2007 (gmt 0)

Created new web site and everything works perfect under the HTTP: URL, but when I change it to the HTTPS: URL, the images (and style sheet) don't appear.

The server logs report:
"GET /images/photo.jpg HTTP/1.1" 403 219 "https://www.mydomain.com"
"GET /css/stylesheet.css HTTP/1.1" 403 219 "https://www.mydomain.com"

But, everything looks PERFECT using the [mydomain.com...] (and gives a 200 code in server log)

I've seen others with a similar problem, but they are using specific shopping carts. For the moment, this is just an ordinary page with a couple images with an SSL. (Eventually it will be an e-commerce site).

(This is a GoDaddy Virtual Dedicated server running Apache 2.2 & Fedora Core 6 + mod_ssl 2.2. I have FULL access to all files and directories on this server.)

I'm gonna bet this is probably just a simple configuration file setting, but I'm kinda lost where to go from here. I think I understand that the request must be an HTTPS request and not an HTTP request, and the log files report an HTTP request. I've changed the URL in the web page to directly call the link as
(ex: https://www.mydomain.com/images/picture.jpg) but it doesn't fix it and the server logs still show 403 errors.

Somehow I need to change the HTTP request to an HTTPS request, right? If so, How? Maybe it's a permission setting? It's something stupid and simple, I just know it!

Thanks in advance!

~Mike (SSL newbie)



 6:05 pm on Nov 6, 2007 (gmt 0)

Anybody here who does SSL on GD and can help out?

A lot depends on just how GD configures your SSL versus non-SSL server...



 8:19 pm on Nov 6, 2007 (gmt 0)

I do not know anything about Godaddy, but I have been down the route of putting both http: & https: on the same domain, and it is a mistake. Create a subdomain for your https: & save yourself a lot of grief.



 10:50 pm on Nov 6, 2007 (gmt 0)

What's the best way to do this?

Are you suggesting having something like this:


where a URL of https://www.mydomain.com would redirect (using .htaccess) back to https://subdomain.mydomain.com?

Could this work?

I've already got the domain and certificate set up, but I'm sure I could change it. I'm assuming it would have to be re-issued.

Thanks for the input.


 12:57 am on Nov 7, 2007 (gmt 0)


Within my lengthy and elaborate .htaccess file to keep my new server protected from all the infidels and hoodlums on the Internet who have way too much time on their hands, I created a section to prevent hotlinking images (and .css files -why not?).

In oversight, I defined the RewriteCond as from HTTP and not HTTPS.

(That's what I get for being new to SSL's, huh?)

So, here's a big Homer Simpson D'oh! going out from me to everyone who pondered my self-inflicted problem (see: 'typo').

I hope at least someone will be able to learn from my mistake someday (I sure did)!

Thanks for such a GREAT portal! Keep up the good work everyone!


 2:07 am on Nov 7, 2007 (gmt 0)

You can define it for both http and https simply by starting the referrer-checking pattern with "^https?://" which makes the "s" optional.


Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved