IE responds differently than Firefox upon http to https

Fix it!!

IE responds differently than Firefox upon http to https

Postby elbowlobstercowstand » Thu Mar 01, 2007 12:59 am

A bit of an absurd IE issue has being plague-ing me as of late. First, here is the code that works wonders in firefox. The purpose of this code is to make certain pages only viewable in https, and others only viewable in http. Again, it rocks (works great) in firefox 2.0...

Code: Select all
# Redirect secure pages to HTTPS if requested with HTTP
# IF uri does NOT contain a .css file AND...
# IF server port is NOT 443 AND...
# IF the uri contains login.php OR edit_billing.php OR etc...
# THEN make it secure with https
RewriteCond %{REQUEST_URI} !^/(style\.css|urchin\.js)$
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/(login\.php|edit_billing\.php)$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
#
# Redirect non-secure pages to HTTP if requested by HTTPS
# IF uri does NOT contain a .css file AND...
# IF port is 443 AND...
# IF the uri does NOT contain login.php OR edit_billing.php OR etc...
# THEN make it insecure
RewriteCond %{REQUEST_URI} !^/(style\.css|urchin\.js)$
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/(login\.php|edit_billing\.php)$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]


Just to be totally redundant, firefox displays the coveted padlock, https shows in the title bar, and there are no hickups. 100% secure...

However, IE is a different story. I tested it in IE, version 6.0, with default install; you know, the config that automatically warns you when traversing from http to https and vis versa. So here's what happens when I go to the following uri:

http://www.example.com/login.php

1) A normal IE warning: "you are about to view pages over a secure connection". This is normal.
2) The page loads, with the new uri as expected (https://www.example.com/login.php) without any logos.
3) A message pops up that says: "you are about to leave a secure connection..."
4) That happens for each gif (2 are in an external css file, 2 are normal img calls)... so for me, I click yes to four "insecure" messages....
5) No padlock, and definitely no buyer confidence

Any help would be tremendously appreciated! (as I've searched high and lo, to and fro for the solution).
elbowlobstercowstand
 
Posts: 3
Joined: Thu Mar 01, 2007 12:17 am

Postby richardk » Fri Mar 02, 2007 11:05 am

When you go to the secure page, the browser requests (secure images and is redirected to) insecure images. This could be a security issue, so it warns the you. You just have to make it not redirect images and CSS (and JavaScript?).

Replace
Code: Select all
!^/(style\.css|urchin\.js)$

with
Code: Select all
!\.(css|jpe?g|bmp|js|png|gif)$ [NC]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby elbowlobstercowstand » Tue Mar 20, 2007 7:51 am

Richard! Thank you SO MUCH! Seriously, I was worried I would never be able to figure this out, but your one line of code fixed everything for me. Know that I am super appreciative of the time you took to respond (sorry for my long response time, I guess i have been enjoying the fix too much).

It blows me away that people like you are so kind to the coding community. After you solved my problem in such a stellar way, I probably told 7 people about how cool it is that you do this for so many people on a daily basis. They all asked why, and I assumed and said "he must just be a really nice guy that likes to help people." So is that why?

Is there a way I can show my appreciation more? Donations perhaps?
elbowlobstercowstand
 
Posts: 3
Joined: Thu Mar 01, 2007 12:17 am

Postby richardk » Tue Mar 20, 2007 12:35 pm

So is that why?

Nope, it's court ordered community service. :wink:

Is there a way I can show my appreciation more? Donations perhaps?

No. It's better this way.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby elbowlobstercowstand » Wed Mar 21, 2007 8:49 am

Funny! :D Well, dang Richard, thanks for being just genuinely kind. I hope that you have a blessed life, and I'll probably be back again someday...
elbowlobstercowstand
 
Posts: 3
Joined: Thu Mar 01, 2007 12:17 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 11 guests

cron