KeraDanNaga
asked on
apache https issue with credentials being passed insecurely notification via firefox
Hi, Having set up a website to redirect all connections to https versions of the website firefox gives the following error when trying to log into one of the pages.
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
What might cause this and how do I go about fixing it so that the information is sent securely?
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
What might cause this and how do I go about fixing it so that the information is sent securely?
This is usually because part of the website is unencrypted. For example you may be calling an unsecured javascript or include.
You can usually see what it is in firefox by clicking on the blue part of the favicon and clicking more information. From there you can click the media tab and see what doesn't have https:// before it to see where your leak is.
If you'd like you can post the address of the website and we'll have a look.
You can usually see what it is in firefox by clicking on the blue part of the favicon and clicking more information. From there you can click the media tab and see what doesn't have https:// before it to see where your leak is.
If you'd like you can post the address of the website and we'll have a look.
As fosiul01 said, make sure that you're using relative links and not absolute links. If you use relative links e.g: images/navbar.png instead of absolute links: http://mysite.com/navbar.png
ASKER
Hmmm the webpage is using relative links when the redirect line is not in the conf, but using absolute links when the redirect line is in the conf. There is java script and it may be a function calling the section that uses the absolute links. Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and then when you go to http to https
if the the link of images is not https, it will show that error.
example : if you have a picture which as has path : http://yourdomaoni.com/images/pic1.gif
now when its goes to http to https,
when ssl read the whole page, it sees there is a link which has http://
hence its though the error
its page design issue.