SSL problem - IE6 warning: do you want to display nonsecure items? - HTML forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

SSL problem - IE6 warning: do you want to display nonsecure items?

How to stop this appearing?

tintin99

11:37 am on Mar 26, 2006 (gmt 0)

I'm designing a secure company extranet and I'm using an iframe on the home page only, which pulls in a page containing nonsecure items. So of course I get the IE warning "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?". I need to stop this appearing if possible.

As far as I know there are 2 options:

1. Change the security settings in IE. This isn't ideal as the extranet may be viewed from many different pc's both inside and outside the company, and we don't want to have to modify IE settings each time.

2. Host the home page on a nonsecure part of the server leaving the rest of the extranet on the secure part. (Am I right in thinking this will work?).

Can anyone suggest any other ways of achieving this? The site is running on IIS6.

Thanks!

DrDoc

4:08 pm on Mar 26, 2006 (gmt 0)

And you can't just secure the iframe content pages?

tintin99

4:30 pm on Mar 26, 2006 (gmt 0)

No unfortunately I don't have access to them.

DrDoc

5:25 pm on Mar 26, 2006 (gmt 0)

Well, you can either use a traditional frameset, where the frameset itself is not secure, but one of the frames is. Then, use the other frame for your other unsecured pages.

Or, you can use .htaccess or a regular PHP/Perl script as a proxy, which would allow you to fetch these pages securely.

tintin99

5:41 pm on Mar 26, 2006 (gmt 0)

Thanks DrDoc - I like the sound of your second suggestion but is there a way to do it with ASP?

DrDoc

5:42 pm on Mar 26, 2006 (gmt 0)

I would assume so, although I personally don't know how.

tintin99

5:57 pm on Mar 26, 2006 (gmt 0)

What should I try searching for in Google? How would your PHP/Perl solution work? I'm not quite sure what it would actually do...

DrDoc

5:18 am on Mar 27, 2006 (gmt 0)

You would pass a URL to the script, it would download the contents and pass them straight through to the browser.

Now, this becomes a little trickier if there are a lot of images and other non-HTML content involved.

I'd start by searching for "ASP proxy" and see where that takes you.