asked on

apache https issue with credentials being passed insecurely notification via firefox

Hi, Having set up a website to redirect all connections to https versions of the website firefox gives the following error when trying to log into one of the pages.

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

What might cause this and how do I go about fixing it so that the information is sent securely?

fosiul01

I saw this problem happen if you have picture in your page,

and then when you go to http to https

if the the link of images is not https, it will show that error.

example : if you have a picture which as has path : http://yourdomaoni.com/images/pic1.gif

now when its goes to http to https,

when ssl read the whole page, it sees there is a link which has http://
hence its though the error

its page design issue.

bswinnerton

This is usually because part of the website is unencrypted. For example you may be calling an unsecured javascript or include.

You can usually see what it is in firefox by clicking on the blue part of the favicon and clicking more information. From there you can click the media tab and see what doesn't have https:// before it to see where your leak is.

If you'd like you can post the address of the website and we'll have a look.

bswinnerton

As fosiul01 said, make sure that you're using relative links and not absolute links. If you use relative links e.g: images/navbar.png instead of absolute links: http://mysite.com/navbar.png

KeraDanNaga

ASKER

Hmmm the webpage is using relative links when the redirect line is not in the conf, but using absolute links when the redirect line is in the conf. There is java script and it may be a function calling the section that uses the absolute links. Any ideas?

ASKER CERTIFIED SOLUTION

bswinnerton

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial