I do not have access to httpd.conf, but I do have access to .htaccess files in order to do redirects. There are two .htaccess files: one in the unsecure server's root folder and one in the secure subdomain's root folder. I know that redirects in the secure .htaccess file work because it successfully redirects a request from http://secure.domain.com to https://secure.domain.com.
When a user clicks a link on the unsecure server that connects to the secure subdomain, redirects are successful (and vice versa). The problem occurs when the user is on the secure site and submits a POST request (like submitting a login form with username and password); I get the Internet Explorer warning:
"You are about to be redirected to a connection that is not secure"
Although the POST request is executing entirely on the secure subdomain server, it appears that the redirects are redirecting via the unsecure server, hence causing the IE warning.
The sequence of code pages goes like this:
1. https://secure.domain.com/login.php (user enters username/password)
2. https://secure.domain.com/process.php (POSTed data goes here for validation)
3. https://secure.domain.com/login.php (redirected to confirm login success)
The following code is found in the secure subdomain's .htaccess file.
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^login\.php$ /login [R=301,L]
RewriteRule ^login$ /login.php [QSA,L]
Is there any way to avoid the IE warning?
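An added example, not part of the original post: a small Python tracer that walks a redirect chain like the three-step sequence above and flags any hop that leaves HTTPS, which is the condition the IE warning reports. The response table is constructed, and the `http://` Location on `login.php` is an assumption for illustration, not something captured from the poster's server.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def trace(start_url, responses, max_hops=10):
    """Follow redirects through `responses` and return the hops taken.

    responses maps URL -> (status, Location header or None).
    Each hop is (from_url, status, to_url, downgraded).
    """
    hops, url, seen = [], start_url, set()
    while len(hops) < max_hops:
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        seen.add(url)
        status, location = responses[url]
        if status not in REDIRECT_CODES or not location:
            break
        # A relative Location inherits the scheme of the request URL;
        # only an absolute http:// target can leave HTTPS.
        target = urljoin(url, location)
        downgraded = (urlsplit(url).scheme == "https"
                      and urlsplit(target).scheme == "http")
        hops.append((url, status, target, downgraded))
        url = target
    return hops


def downgrades(hops):
    """Return (from_url, to_url) for every hop that went from https to http."""
    return [(src, dst) for src, _status, dst, bad in hops if bad]


# Constructed responses (assumed, not captured traffic): process.php sends the
# browser back to login.php, and the 301 for login.php carries an http:// URL.
SAMPLE = {
    "https://secure.domain.com/process.php": (302, "login.php"),
    "https://secure.domain.com/login.php": (301, "http://secure.domain.com/login"),
    "http://secure.domain.com/login": (302, "https://secure.domain.com/login"),
    "https://secure.domain.com/login": (200, None),
}

if __name__ == "__main__":
    for src, dst in downgrades(trace("https://secure.domain.com/process.php", SAMPLE)):
        print(f"leaves HTTPS: {src} -> {dst}")
```

Against a real server, the same table can be filled in from the status line and `Location` header of each response in the chain.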