Mixed SSL Content Warning Secure Fixed

FREE THOUGHT · FREE SOFTWARE · FREE WORLD

« htaccess rewrite, htaccesshtaccess Tricks for Webmasters »

I used to run into the problem of having warning messages pop up when I accessed a page with secure and non-secure information and finally I found something that let me post non-ssl encrypted content on an ssl encrypted page and no warning messages will pop up!

On on of my secure sites, lets say https://www.askapache.com/htaccess/ I wanted to give my visitors the option to post youtube videos and google videos. But then everyone kept seeing the “warning, mixed secure/non-secure content” on a page that had one of these videos.

I basically did a str_replace on all posts text for http://video.google.com and http://youtube.com to change them to https://www.example.com/htaccess/

Then I used the following rewrite code:

RewriteEngine On
RewriteBase /
RewriteRule ^htaccess/googleplayer\.swf(.*)$ http://video.google.com/googleplayer.swf$1 [L]
RewriteRule ^htaccess/youtube/(.*)$ http://www.youtube.com/$1 [L]

and it worked!

But one caveat, this wouldn’t turn the warning messages off in IE < version 7, so I added some simple HTML to the head of all my pages that only show up for people using IE < version 7.

<!--[if lt IE 7]>
<span id="ie7">Please Upgrade:
<a href="http://www.microsoft.com/windows/ie/downloads/default.mspx?mg_id=10013">IE 7!</a>
<a href="http://www.mozilla.com/en-US/">FF!</a></span>
<![endif]“>

Cool huh!

Fix for secure and nonsecure items warning message

« htaccess rewrite, htaccess
htaccess Tricks for Webmasters »

My Picks

Support Freedom or Die

Newest Posts

The love of liberty is the love of others; the love of power is the love of ourselves.
-- William Hazlitt

htaccess Guide

The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee

Leave your own comment

Reader Comments

j-o-d-a ~
ah cool idea. But I wonder how long this “hack” works because the site still has mixed content in the end. I’d call it a “security” bug in the browsers mixed content detection. The browser can not detect the non-secure content right away because the secured webserver redirects to non secure content (later when accessing the subresources of the page).
Cd-MaN ~
From what I understand you imply that you can use mod_rewrite as mod_proxy. But from my experience this is not true (you can only rewrite to local URLs). Can you confirm / contradict this and eventually give some details (what extra configuration is needed, what version of Apache / mod_rewrite does this work with)?

Go for it!

It's very simple - you read the protocol and write the code. -Bill Joy

HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

Site Map | Contact Webmaster | Glossary | License and Disclaimer | Terms of Service

↑ TOP
Main