Welcome to WebmasterWorld Guest from 23.20.241.155

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

accessing other files when using ssl

     
8:05 pm on Oct 27, 2006 (gmt 0)

10+ Year Member



I am implementing ssl in a site and I am forcing https in certain directories by using the following in .htaccess

RewriteCond %{SERVER_PORT}!^443$
RewriteRule (.*) [mydomain.co.uk...] [R=301,L]

As I have read in several places that SE’s can recognise https instead of http I am thinking of forcing http from root.

RewriteCond %{SERVER_PORT}!^80$
RewriteRule (.*) [mydomain.co.uk...] [R=301,L]

However I found that I get multiple warnings from IE because my css file and a few images are being called from non-secure locations.

I can make a secure directory with all the files & images I need but that is a duplication and I would like to find a smarter alternative.

Any suggestions?

Thanks

Ray…

11:07 pm on Oct 27, 2006 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Try using *NIX symlinks (symbolic links), for example, symlinking a "new" secure css directory to the pre-existing non-secure css file directory. You can then force SSL on the new secure directory, which will appear to contain copies of the symlinked files. Not ideal, perhaps, but it prevents having to have real copies of the files in two directories.

Jim

4:03 am on Nov 4, 2006 (gmt 0)

5+ Year Member



I used to run into this problem consistently and finally I found something that worked.

On on of my secure sites, lets say [example.com...] I wanted to give my visitors the option to post youtube videos and google videos. But then everyone kept seeing the "warning, mixed secure/non-secure content" on a page that had one of these videos.

I basically did a str_replace on all posts text for [video.google.com...] and [youtube.com...] to change them to [example.com...]

Then I used the following rewrite code:

RewriteEngine On
RewriteBase /
RewriteRule ^htaccess/googleplayer\.swf(.*)$ http://video.google.com/googleplayer.swf$1 [L]
RewriteRule ^htaccess/youtube/(.*)$ http://www.youtube.com/$1 [L]

and it worked!

But one caveat, this wouldn't turn the warning messages off in IE < version 7, so I added some simple HTML to the head of all my pages that only show up for people using IE < version 7.

<!--[if lt IE 7]>
<span id="ie7">Please Upgrade:
<a href="http://www.microsoft.com/windows/ie/downloads/default.mspx?mg_id=10013">IE 7!</a> ¦<a href="http://www.mozilla.com/en-US/">FF!</a></span>
<![endif]–>

Cool huh!

[edited by: jdMorgan at 1:29 pm (utc) on Nov. 4, 2006]
[edit reason] Examplified [/edit]

1:19 am on Nov 12, 2006 (gmt 0)

10+ Year Member



I eventually opted for two directories.

To make sure that I dont forget anything, I created a script that checks the files in the two directories and copies any newer or missing files across. I regularly call this using cron.

Not what I wanted to do, but it works.

Thanks fer yer help :)

2:25 am on Nov 12, 2006 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



With symlinks, you could have saved the bother. Simply create a "fake secure" directory, symlinked to the real directory. One directory, two filepath names. No copying or updating needed.

If you've only ever worked with Windows, a symlink is simliar to a Windows "Shortcut," but more powerful.

Jim

9:25 pm on Nov 12, 2006 (gmt 0)

5+ Year Member



If you have your ssl virtualhost in your Appache config file pointing to the same document root as the non-ssl virtualhost for that domain then it should be able to serve any file from that directory as ssl or non ssl, I think.
I may be mistaken though but it works for me...

Chris

 

Featured Threads

Hot Threads This Week

Hot Threads This Month