HTTPS Site Error

Forum Moderators: phranque

Message Too Old, No Replies

HTTPS Site Error

Do you want to view only the webpage content that was delivered securely

comdini

6:24 am on Jan 25, 2011 (gmt 0)

I've published a Website on Apache. it has payment gateway also. Because I've configured it as a Secured Site. Entire Web site is running as [mywebpage.com...] . Lot of Site Visitors are complaining that when connect to web one of Security Message Prompting. it is there as below. Already we've purchased SSL Certificate & Configured also.how can I resolve this ?

"Do you want to view only the webpage content that was delivered securely

This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."

My 2nd Question is We want Secure Page for Only Payment Gateway Page [mywebpage.com...]
Other Pages want to keep as [mywebpage.com...] .
How can I do it from Apache ?

Regards,
COMDINI

aakk9999

1:12 am on Jan 26, 2011 (gmt 0)

One of the ways is to use full absolute URLs on internal links on your site, so use https in URL on pages that should be delivered securely and http on pages that do not have to be secure, but this can be a pain with navigation templates and with running the same site on the test domain.

The second solution:
If you prefer to use root-relative URLs and if you do not need to have your https pages indexed, then you can also use the second solution which is to have a list of http and https URLs and do 302 temporary redirect accordingly. So if you are on http page and the user clicks on the link that should be served over SSL, you do 302 to https version of that URL. When on https page (where all navigation will now show in https), then if user clicks on any of links that should NOT be delivered over SSL, then you do 302 to http version of that URL.

g1smd

8:03 am on Jan 26, 2011 (gmt 0)

The solution with 302 redirects is likely to be search engine suicide. Clicking site navigation links should take you straight to the content without any redirect.

comdini

8:23 am on Jan 26, 2011 (gmt 0)

aakk9999 , I'm a beginner for this .Can you explain me that how can i do this in Apache Server .

g1smd

11:18 am on Jan 26, 2011 (gmt 0)

Link to the correct URL with the correct protocol in the internal site navigation links within your site.

Set up redirects so that if the wrong protocol should happen to be requested, the user is redirected to the correct version.

There are thousands of previous threads with example code as this is a question that is asked several times every week. Indeed, this question has been asked 4 times in the last 48 hours alone.

[google.com...]

aakk9999

7:44 pm on Jan 26, 2011 (gmt 0)

The solution with 302 redirects is likely to be search engine suicide.

Perhaps you are right g1smd.

The site I know that is doing http -> https via 302 has this on three URLs only, that all take user to login screen. All other https pages are behind login so not accessible to bots and whilst clicking on main nav on https version of the page does 302 https --> http page version, bots do not see it as it is behind login. We did not change this as it does not seem to cause any problems, at least for now.

But I see that this could be open to competitors' attack if they decide to extensively link to https version of pages.

HTTPS Site Error

Do you want to view only the webpage content that was delivered securely

comdini

aakk9999

g1smd

comdini

g1smd

aakk9999

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week