« Htaccess File Samplehtaccess Tricks for Webmasters »
Mixed SSL Content Warning Secure Fixed
AskApache
http://www.askapache.com/htaccess/mixed-ssl-content-warning-secure-fixed.html
I used to run into the problem of having warning messages pop up when I accessed a page with secure and non-secure information and finally I found something that let me post non-ssl encrypted content on an ssl encrypted page and no warning messages will pop up!
Mixed SSL Content Warning Secure Fixed
April 8th, 2007
I used to run into the problem of having warning messages pop up when I accessed a page with secure and non-secure information and finally I found something that let me post non-ssl encrypted content on an ssl encrypted page and no warning messages will pop up!
On on of my secure sites, lets say https://www.askapache.com/htaccess/ I wanted to give my visitors the option to post youtube videos and google videos. But then everyone kept seeing the "warning, mixed secure/non-secure content" on a page that had one of these videos.
I basically did a str_replace on all posts text for http://video.google.com and http://youtube.com to change them to https://www.example.com/htaccess/ Then I used the following rewrite code:RewriteEngine On RewriteBase / RewriteRule ^htaccess/googleplayer\.swf(.*)$ http://video.google.com/googleplayer.swf$1 [L] RewriteRule ^htaccess/youtube/(.*)$ http://www.youtube.com/$1 [L]and it worked! But one caveat, this wouldn't turn the warning messages off in
IE < version 7, so I added some simple HTML to the head of all my pages that only show up for people using IE < version 7.
<!--[if lt IE 7]> <span id="ie7">Please Upgrade: <a href="http://www.microsoft.com/windows/ie/downloads/default.mspx?mg_id=10013">IE 7!</a> <a href="http://www.mozilla.com/en-US/">FF!</a></span> <![endif]“>Cool huh! Fix for secure and nonsecure items warning message
http://www.askapache.com/htaccess/mixed-ssl-content-warning-secure-fixed.html#comments
Reader Comments
-
Hi, I need help. My entire joomla site is running on https secured access. One of my page is displaying weather forecast from third party website. Since the third party weather forecast website is accessed by http - non secured, my web page is showing mixed content security warning on IE8 when I access this page, "Do you want to view only the web page content that was delivered securely?". My question is, I still want to display the forecast data without showing the above mixed content warning. Can I achieve this using .htaccess file's RewriteRule concept? I don't understand much of its functionality as you explained. Can anyone help me please?
-
ah cool idea. But I wonder how long this "hack" works because the site still has mixed content in the end. I'd call it a "security" bug in the browsers mixed content detection. The browser can not detect the non-secure content right away because the secured webserver redirects to non secure content (later when accessing the subresources of the page).
-
From what I understand you imply that you can use mod_rewrite as mod_proxy. But from my experience this is not true (you can only rewrite to local URLs). Can you confirm / contradict this and eventually give some details (what extra configuration is needed, what version of Apache / mod_rewrite does this work with)?
