danil0 Posted April 6, 2007 Posted April 6, 2007 I installed the SSL paths and everything works fine. But I want to avoid the Alerting on every SSL page. When the browser goes to my SSL paths, the browser alerting me on every page and asking me the same thing. The alerting message has title 'Security Information' and the message sais 'This page contains both secure and non secure items. Do you want to display the non secure items?' "Yes, No, More info" I have visited many pages with https://..... but they dont have this message. Is there any way to avoid it?
danil0 Posted June 13, 2007 Author Posted June 13, 2007 I installed the SSL paths and everything works fine. But I want to avoid the Alerting on every SSL page. When the browser goes to my SSL paths, the browser alerting me on every page and asking me the same thing. The alerting message has title 'Security Information' and the message sais 'This page contains both secure and non secure items. Do you want to display the non secure items?' "Yes, No, More info" I have visited many pages with https://..... but they dont have this message. Is there any way to avoid it? ...any ideas for this??
♥Vger Posted June 13, 2007 Posted June 13, 2007 Post your includes/configure.php file, minus all of the database info at the bottom. Vger
danil0 Posted June 13, 2007 Author Posted June 13, 2007 Post your includes/configure.php file, minus all of the database info at the bottom. Vger // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.perfect-nails.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.ssl-id.de/perfect-nails.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.perfect-nails.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.ssl-id.de/perfect-nails.com'); define('HTTP_COOKIE_PATH', '/catalog4/'); define('HTTPS_COOKIE_PATH', '/catalog4/'); define('DIR_WS_HTTP_CATALOG', '/catalog4/'); define('DIR_WS_HTTPS_CATALOG', '/catalog4/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/strato/www/pe/www.perfect-nails.com/htdocs/catalog4/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); define('DB_SERVER', 'rdbms.strato.de'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'U156****'); define('DB_SERVER_PASSWORD', '**************'); define('DB_DATABASE', 'DB156*****'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' thank you
oschellas Posted June 14, 2007 Posted June 14, 2007 Can you make a little test as described in this post?
oschellas Posted June 14, 2007 Posted June 14, 2007 Another problem is that your secure pages contain links to unsecure items (for example babelfish.altavista.com).
danil0 Posted June 15, 2007 Author Posted June 15, 2007 Another problem is that your secure pages contain links to unsecure items (for example babelfish.altavista.com). thanxs ... I ll check this out... patrioti ;)
♥Vger Posted June 15, 2007 Posted June 15, 2007 Change this: define('HTTPS_COOKIE_DOMAIN', 'https://www.ssl-id.de/perfect-nails.com'); to this: define('HTTPS_COOKIE_DOMAIN', 'www.ssl-id.de/perfect-nails.com'); In your Flash file there are two references to downloads from the MacroMedia website and they both have http:// links - change them ot https:// Vger
danil0 Posted June 16, 2007 Author Posted June 16, 2007 Change this: define('HTTPS_COOKIE_DOMAIN', 'https://www.ssl-id.de/perfect-nails.com'); to this: define('HTTPS_COOKIE_DOMAIN', 'www.ssl-id.de/perfect-nails.com'); In your Flash file there are two references to downloads from the MacroMedia website and they both have http:// links - change them ot https:// Vger SORRY but I tried everything. Exept your tries, I tried to remove from account.php the columns (left+right) and the header with flashes ... but it stell shows me the f****ing message. Only in IE7 not in Firefox. Where the hell is the problem??
oschellas Posted June 16, 2007 Posted June 16, 2007 The problem is that the page still has references to unsecured items, click the privacy report icon (IE7 down right) or on the padlock / media (Firefox down right) to see these items. Your padlock also fails in Firefox.
♥Vger Posted June 16, 2007 Posted June 16, 2007 Even when on an https page the base href remains http: <base href="http://www.perfect-nails.com/catalog4/"> This image link is hardcoded to http: <img src="http://www.perfect-nails.com/catalog4/images/pixel_trans.gif" width="1" height="1" onload="hideIt()"> Vger
danil0 Posted June 17, 2007 Author Posted June 17, 2007 The problem is that the page still has references to unsecured items, click the privacy report icon (IE7 down right) or on the padlock / media (Firefox down right) to see these items. Your padlock also fails in Firefox. In this report I see that there are many cookies blocked. Is this means that I have to change the path of all these blocked items from http://www.perf..... to inside paths like ../../ etc ?
oschellas Posted June 17, 2007 Posted June 17, 2007 The osc images should automatically switch to the https location, but in your site they still refer to http. Did you try the test from my previous post, create a file with: echo 'SSL Status: ' . getenv('HTTPS'); If the result is not equal to on, you could try the hack as described here.
danil0 Posted June 17, 2007 Author Posted June 17, 2007 I tried everything .. seems like nothing works... mabe i will turn off ssl protection.
oschellas Posted June 17, 2007 Posted June 17, 2007 Thats one way to solve the problem, though I would be curious to the cause. What result did you get when you echoed 'SSL Status: ' . getenv('HTTPS'); under SSL?
danil0 Posted June 17, 2007 Author Posted June 17, 2007 Thats one way to solve the problem, though I would be curious to the cause. What result did you get when you echoed 'SSL Status: ' . getenv('HTTPS'); under SSL? I m not expert in php and English also, so leasen what I figure and what I did. I "paste" your line in an empty txt file. I renamed it to test.php and I put it in catalog/ directory. I write the path on explorer and nothing happens. What was your thought about it? Sorry about my poorness ...
oschellas Posted June 18, 2007 Posted June 18, 2007 What are the results when put following content in your test.php and when you visit the file by https://www.... <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?>
danil0 Posted June 18, 2007 Author Posted June 18, 2007 What are the results when put following content in your test.php and when you visit the file by https://www.... <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?> ok the results: HTTP HOST: www.perfect-nails.com Server Port: 443 SSL Status: Fowarded Server: Fowarded Host: Fowarded By: so ?
oschellas Posted June 18, 2007 Posted June 18, 2007 It confirms that the server is not able to detect the SSL status correctly (server configuration). You have to apply this hack. In this hack replace: (getenv('HTTPS') == '1') By: (getenv('SERVER_PORT') == '443') This would fix the main part (if not all) of the unsecured items.
yofresh Posted June 18, 2007 Posted June 18, 2007 Check with your ssl-Provider and ask how the SSL-certificate exactly is issued. The problem you are telling about normaly occurs, when you use a different domain than what is issued in the certificate. For example: Certificate is issued to "ssl-blabla.com" and you use "www.ssl-blabla.com". Then you will always become the notifications you are talking about. I hope this will help Regards, Ralf
danil0 Posted June 18, 2007 Author Posted June 18, 2007 I tried both .... but nothing again ... It still see the images in http mode and not https .... I can not understand it
oschellas Posted June 18, 2007 Posted June 18, 2007 I don't have other clues, I could have a look at the code if you would pm me the ftp info. Otherwise I hope someone else has a clue about this matter...
yofresh Posted June 18, 2007 Posted June 18, 2007 I see that you have unsecure content on your website http://www.google-analytics.com/urchin.js maybe you should check with google about that...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.