• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 330
  • Last Modified:

apache https issue with credentials being passed insecurely notification via firefox

Hi, Having set up a website to redirect all connections to https versions of the website firefox gives the following error when trying to log into one of the pages.  

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

What might cause this and how do I go about fixing it so that the information is sent securely?
  • 3
1 Solution
I saw this problem happen if you have picture in your page,

and then when you go to http to https

if the the link of images is not https, it will show that error.

example : if you have a picture which as has path : http://yourdomaoni.com/images/pic1.gif

now when its goes to http to https,

when ssl read the whole page, it sees there is a link which has http://
hence its though the error

its page design issue.

This is usually because part of the website is unencrypted. For example you may be calling an unsecured javascript or include.

You can usually see what it is in firefox by clicking on the blue part of the favicon and clicking more information. From there you can click the media tab and see what doesn't have https:// before it to see where your leak is.

If you'd like you can post the address of the website and we'll have a look.
As fosiul01 said, make sure that you're using relative links and not absolute links. If you use relative links e.g: images/navbar.png instead of absolute links: http://mysite.com/navbar.png
KeraDanNagaAuthor Commented:
Hmmm the webpage is using relative links when the redirect line is not in the conf, but using absolute links when the redirect line is in the conf.  There is java script and it may be a function calling the section that uses the absolute links.  Any ideas?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now