https to http

Forum Moderators: phranque

Message Too Old, No Replies

https to http

Need help changing back from https

mikemwe

4:41 pm on Dec 20, 2006 (gmt 0)

Ok guys. I'm a newbie, but I need some help with secure and non-secure pages. I have no problem making my entire site non-secure:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ [mysite.com...] [R,L]

I have no problem making a folder secure:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^testform.htm$ [mysite.com...] [R,L]

It actually works, but in Firefox, the url turns red for the secure folder/page and says information is only partially encrypted. So it works, but something isn't registering with Firefox. IE6 and IE7 don't seem to say anything and it's ok. Any help out there?

Basically I'm trying to make only certain folders secure and when they're done with the secure pages, and they click somewhere else on the site, it should turn back to non-secure.

jdMorgan

5:24 pm on Dec 20, 2006 (gmt 0)

You'll need to look into how images, scripts, CSS includes, etc. are linked on your pages. If the page is served via SSL, then all of those included elements also need to be served via SSL. So, either the links to those elements need to be server- or page-relative, or you'll need to take other steps to see that they are also served from the HTTPS "domain."

Your HTTP and HTTPS redirects need to be fully "mirror-imaged" functionally. For example, in your mysite.com/.htaccess file:


RewriteEngine on
#
# Switch to HTTPS if /test2/test1/test/ directory resources requested using HTTP
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^test2/test1/test/(.*)$ https://www.mysite.com/test2/test1/test/$1 [R=301,L]
#
# Switch back to HTTP if HTTPS request for anything except /test2/test1/test/ subdirectory resources
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/test2/test1/test/
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]

Jim

[edited by: jdMorgan at 5:24 pm (utc) on Dec. 20, 2006]

mikemwe

8:04 pm on Dec 20, 2006 (gmt 0)

Thanks for the insight, jdMorgan. I think I understand where you're coming from, but I don't think I have the capability to do what you said. Basically, I'm serving up a normal page from our site with an IFRAME to a secure form from another vendor who provides that to us. I put it in an IFRAME so that the user doesn't "leave" our site.

The rest of the page is basically a template that the whole site is designed from. So I guess what you're saying is that the template is being served from unsecured directories (images, css) and causing the conflict. Is that correct?

If there a way around it that you know of?

jdMorgan

1:38 am on Dec 21, 2006 (gmt 0)

With full server configuration access, you could proxy the remote site page/resource using a reverse proxy (see Apache mod_proxy). I don't know of any other good methods, though, because almost all other methods (including the iFrame method) are highly insecure.

If the browser throws a mixed-content warning, that means a potentially serious problem for both users and for you.

Jim

mikemwe

1:32 pm on Dec 21, 2006 (gmt 0)

Thanks. I don't have configuration access. It's just through an ISP provider who gives us access to put in an htaccess file. I think I'll just throw in the htaccess file in the secure folder to switch it over to https and then if they go to the rest of the site, they'll just surf in https. Not a big deal. Thanks for your help.

jdMorgan

2:01 pm on Dec 21, 2006 (gmt 0)

The problem is not the switching back and forth between http and https -- some variant of the code I posted above should work fine for that.

The problem is the mixed-content warnings, which may remain problematic if you're accessing a remote site.

Jim

https to http

Need help changing back from https

mikemwe

jdMorgan

mikemwe

jdMorgan

mikemwe

jdMorgan

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week