httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] mod_ssl mod_rewrite problem
Date Thu, 08 Apr 2004 02:27:57 GMT

On Wed, 7 Apr 2004, simon wrote:
> I have this working using:
>
> RewriteEngine on
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]
>
> The nasty problem is that when I redirect a request for a page (e.g.
> index.html) that contains an <img src> tag in the form of:
>
> <img src = "http://server/logos.gif">,
>
> IE 6 continually complains that the page contains insecured items and
> refuses to display the yellow padlock. However, an examination of my rewrite
> logs indicates that the GET for the logos.gif, in the html, is being
> redirected correctly:

What happens is this:

1. Client requests index.html using HTTP.
2. Server redirects client to index.html on HTTPS.
3. Client grabs index.html on HTTPS, parses it, and requests logos.gif on
HTTP.
4. Server redirects request for logos.gif to HTTPS.
5. Client requests logos.gif on HTTPS.

The warning from the client comes at step 3, since the client has no way
to know that the request will be redirected to a secure server.  And even
if it is redirected, the redirect itself comes over HTTP, which the client
considers insecure, and therefore you don't get a padlock.  (The insecure
item in the end is the redirect, not the image.)

> My inclination is to modify all the <img src> tags so that they all point to
> a relative path name instead of a URL but I inherited the code and this
> would prove onerous. Moreover, it does not seem reasonable to me that my
> redirects should cause IE6 such problems.

I think changing the links is the only option.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message