Author Topic: HTTPS / SSL  (Read 1013991 times)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #30 on: October 28, 2005, 03:49:05 PM »
Quote
I made it, and it only redirects the pages you want to HTTPS and the rest to HTTP.
Uploaded to the site, and seems to be working great! Thanks again, miquelfire!

-Eric

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #31 on: October 31, 2005, 06:25:15 AM »
Miquelfire (or anyone else), any idea why those rules make http://passwordmaker.org/proto/test34.xul redirect to https://?

That URL is discussed here.

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HTTPS / SSL
« Reply #32 on: November 01, 2005, 04:23:47 PM »
No clue. From what I see, that page should be redirected to http if https is used. Did you change something when you posted it?
« Last Edit: November 01, 2005, 04:26:26 PM by miquelfire »
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #33 on: November 02, 2005, 03:41:11 PM »
Turns out the /proto directory had its own .htaccess file with rules causing the redirect to https. I think I was using it as a test directory some time ago.

By the way, do you know why, when I visit https://passwordmaker.org/passwordmaker.html, I'm told the page contains secure and non-secure elements? (You might have to use a new profile to see this message if you've told your browser not to show it to again). My guess is it's because the page has code like this:

Code: [Select]
<link rel="stylesheet" href="/common.css" type="text/css"/>
<script src="/scripts/common.js" type="text/javascript"></script>
...
those files, when requested by the browser, are forced to be downloaded using http:// because of these rules:
Code: [Select]
# Redirects the pages that shouldn't be HTTPS to HTTP
# Note the lack of [OR]
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} !^/installation.html$
RewriteCond %{REQUEST_URI} !^/installation2.html$
RewriteCond %{REQUEST_URI} !^/passwordmaker.html$
RewriteCond %{REQUEST_URI} !^/konfabulator.html$
RewriteCond %{REQUEST_URI} !^/ie.html$
RewriteRule .* http://passwordmaker\.org%{REQUEST_URI} [L,R=301]
What do you think?

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HTTPS / SSL
« Reply #34 on: November 03, 2005, 03:27:35 PM »
Hmm, maybe remove the forcing of the http redirects for now. I can't see a way to force people to use http unless you edit the links to use http all the time for HTML pages. Or have it so that only .html pages are forced to redirect to HTTP by replacing the RewriteRule line with:
Code: [Select]
RewriteRule.*\.html http://passwordmaker\.org%{REQUEST_URI} [L,R=301]
Oh yea, just noticed this, a path of /installationXhtml will be forced to HTTPS with the current rules because I didn't escape the '.'
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #35 on: November 03, 2005, 03:34:11 PM »
How do I escape '.'? Like this: '\.'?

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HTTPS / SSL
« Reply #36 on: November 03, 2005, 03:37:42 PM »
Yep.

And you been programming Javascript for how long?
« Last Edit: November 03, 2005, 03:38:11 PM by miquelfire »
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #37 on: November 03, 2005, 05:56:12 PM »
Quote
And you been programming Javascript for how long?
I started yesterday. I can write websites now!

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #38 on: November 03, 2005, 06:21:59 PM »
Quote
Oh yea, just noticed this, a path of /installationXhtml will be forced to HTTPS with the current rules because I didn't escape the '.'
The examples in the 1.3 mod_rewrite docs don't use \. in URIs. For instace (end of RewriteCond):
Quote
Example:

To rewrite the Homepage of a site according to the ``User-Agent:'' header of the request, you can use the following:

RewriteCond  %{HTTP_USER_AGENT}  ^Mozilla.*
RewriteRule  ^/$                 /homepage.max.html  [L]

RewriteCond  %{HTTP_USER_AGENT}  ^Lynx.*
RewriteRule  ^/$                 /homepage.min.html  [L]

RewriteRule  ^/$                 /homepage.std.html  [L]

Quote
Or have it so that only .html pages are forced to redirect to HTTP by replacing the RewriteRule line with:
Code: [Select]
RewriteRule.*\.html http://passwordmaker\.org%{REQUEST_URI} [L,R=301]
I've done this, and still get the warning. When I click Tools->Page Info->Media to see which resources weren't downloaded using SSL, the offending resource is always http://passwordmaker.org/images/li.gif -- no matter what the page. Here is my compelte .htaccess file. Do you see anything that might be causing this?

Code: [Select]
AddType text/xml .rdf
AddType text/html .xhtml
AddHandler server-parsed .xhtml
AddHandler application/x-httpd-php .htm .html .xhtml

Options All -Indexes

RewriteEngine on

# Don't steal our content
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://passwordmaker.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://passwordmaker.org$      [NC]
RewriteCond %{HTTP_REFERER} !^http://passwordmaker.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://passwordmaker.org$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.passwordmaker.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.passwordmaker.org$      [NC]
RewriteCond %{HTTP_REFERER} !^http://forums.passwordmaker.org/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://forums.passwordmaker.org$      [NC]
RewriteCond %{HTTP_REFERER} !^http://s11.invisionfree.com/PasswordMaker/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://s11.invisionfree.com/PasswordMaker$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|xpi)$ - [F,NC]

#Domain redirect
RewriteCond %{HTTP_HOST}   !^passwordmaker\.org$ [NC]
RewriteRule .*   http://passwordmaker\.org%{REQUEST_URI} [L,R=301]

# Redirects to HTTPS - thanks miquelfire
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/installation\.html$ [OR]
RewriteCond %{REQUEST_URI} ^/installation2\.html$ [OR]
RewriteCond %{REQUEST_URI} ^/passwordmaker\.html$ [OR]
RewriteCond %{REQUEST_URI} ^/konfabulator\.html$ [OR]
RewriteCond %{REQUEST_URI} ^/ie\.html$
RewriteRule .*\.html https://passwordmaker\.org%{REQUEST_URI} [L,R=301]

# Redirects the pages that shouldn't be HTTPS to HTTP - thanks miquelfire
# Note the lack of [OR]
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} !^/installation\.html$
RewriteCond %{REQUEST_URI} !^/installation2\.html$
RewriteCond %{REQUEST_URI} !^/passwordmaker\.html$
RewriteCond %{REQUEST_URI} !^/konfabulator\.html$
RewriteCond %{REQUEST_URI} !^/ie\.html$
RewriteRule .* http://passwordmaker\.org%{REQUEST_URI} [L,R=301]

Thanks,
Eric

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #39 on: November 03, 2005, 06:24:14 PM »
Quote
RewriteRule .*\.html https://passwordmaker\.org%{REQUEST_URI}
This prevents xhtml pages from redirecting to http://. Go to https://passwordmaker.org/ie.html then click on Manual->Introduction. This should change back to HTTP...

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HTTPS / SSL
« Reply #40 on: November 04, 2005, 04:18:41 AM »
The final one needs the .*\.html part as well.
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #41 on: November 04, 2005, 12:55:31 PM »
Nah, didn't fix it.

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HTTPS / SSL
« Reply #42 on: November 04, 2005, 02:20:07 PM »
Code: [Select]
# Redirects the pages that shouldn't be HTTPS to HTTP - thanks miquelfire
# Note the lack of [OR]
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} !^/installation\.html$
RewriteCond %{REQUEST_URI} !^/installation2\.html$
RewriteCond %{REQUEST_URI} !^/passwordmaker\.html$
RewriteCond %{REQUEST_URI} !^/konfabulator\.html$
RewriteCond %{REQUEST_URI} !^/ie\.html$
RewriteRule .*\.html$ http://passwordmaker\.org%{REQUEST_URI} [L,R=301]
That should make it so that only html files will work. I'll check it out at home and see what I can come up with.

Note: I noticed that the redirects gets into your broswer's cache, which makes it a pain to debug.
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HTTPS / SSL
« Reply #43 on: November 04, 2005, 10:54:22 PM »
Quote
That should make it so that only html files will work. I'll check it out at home and see what I can come up with.
I know, but I need it to work for .xhtml pages, too; e.g.,

Code: [Select]
RewriteRule .*\.?html$ http://passwordmaker\.org%{REQUEST_URI}]http://passwordmaker\.org%{REQUEST_URI} [L,R=301]
I'll just try that.
« Last Edit: November 04, 2005, 10:55:27 PM by Eric H. Jung »

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HTTPS / SSL
« Reply #44 on: November 05, 2005, 02:35:41 AM »
Wrong, I think you meant to include a x before hand.
Code: [Select]
#easy way to add extensions, just a list of pipe separated extensions
RewriteRule .*\.(html|xhtml)$ http://passwordmaker\.org%{REQUEST_URI}]http://passwordmaker\.org%{REQUEST_URI} [L,R=301]
"I'm not drunk, just sleep deprived."

PasswordMaker Forums

HTTPS / SSL
« Reply #44 on: November 05, 2005, 02:35:41 AM »