Welcome to WebmasterWorld Guest from 54.221.28.179

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Images Not Displayed Only When Using SSL -Help?

Images Not Displayed Only When Using HTTPS, but OK Using HTTP

     

mlewitz

10:52 pm on Nov 5, 2007 (gmt 0)

5+ Year Member



Created new web site and everything works perfect under the HTTP: URL, but when I change it to the HTTPS: URL, the images (and style sheet) don't appear.

The server logs report:
"GET /images/photo.jpg HTTP/1.1" 403 219 "https://www.mydomain.com"
"GET /css/stylesheet.css HTTP/1.1" 403 219 "https://www.mydomain.com"

But, everything looks PERFECT using the [mydomain.com...] (and gives a 200 code in server log)

I've seen others with a similar problem, but they are using specific shopping carts. For the moment, this is just an ordinary page with a couple images with an SSL. (Eventually it will be an e-commerce site).

(This is a GoDaddy Virtual Dedicated server running Apache 2.2 & Fedora Core 6 + mod_ssl 2.2. I have FULL access to all files and directories on this server.)

I'm gonna bet this is probably just a simple configuration file setting, but I'm kinda lost where to go from here. I think I understand that the request must be an HTTPS request and not an HTTP request, and the log files report an HTTP request. I've changed the URL in the web page to directly call the link as
(ex: [mydomain.com...] but it doesn't fix it and the server logs still show 403 errors.

Somehow I need to change the HTTP request to an HTTPS request, right? If so, How? Maybe it's a permission setting? It's something stupid and simple, I just know it!

Thanks in advance!

~Mike (SSL newbie)

jdMorgan

6:05 pm on Nov 6, 2007 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Anybody here who does SSL on GD and can help out?

A lot depends on just how GD configures your SSL versus non-SSL server...

Jim

WW_Watcher

8:19 pm on Nov 6, 2007 (gmt 0)

10+ Year Member



I do not know anything about Godaddy, but I have been down the route of putting both http: & https: on the same domain, and it is a mistake. Create a subdomain for your https: & save yourself a lot of grief.

WW_Watcher

mlewitz

10:50 pm on Nov 6, 2007 (gmt 0)

5+ Year Member



What's the best way to do this?

Are you suggesting having something like this:

[mydomain.com...]
and
[subdomain.mydomain.com...]

where a URL of [mydomain.com...] would redirect (using .htaccess) back to [subdomain.mydomain.com?...]

Could this work?

I've already got the domain and certificate set up, but I'm sure I could change it. I'm assuming it would have to be re-issued.

Thanks for the input.
~Mike

mlewitz

12:57 am on Nov 7, 2007 (gmt 0)

5+ Year Member



OKAY... I'm a COMPLETE IDIOT! FIGURED IT OUT!

Within my lengthy and elaborate .htaccess file to keep my new server protected from all the infidels and hoodlums on the Internet who have way too much time on their hands, I created a section to prevent hotlinking images (and .css files -why not?).

In oversight, I defined the RewriteCond as from HTTP and not HTTPS.

(That's what I get for being new to SSL's, huh?)

So, here's a big Homer Simpson D'oh! going out from me to everyone who pondered my self-inflicted problem (see: 'typo').

I hope at least someone will be able to learn from my mistake someday (I sure did)!

Thanks for such a GREAT portal! Keep up the good work everyone!
~Mike

jdMorgan

2:07 am on Nov 7, 2007 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You can define it for both http and https simply by starting the referrer-checking pattern with "^https?://" which makes the "s" optional.

Jim

 

Featured Threads

Hot Threads This Week

Hot Threads This Month