Search Results

Search found 7249 results on 290 pages for 'https everywhere'.

Page 14/290 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21 | Next Page >

Which SSL do I need?

- by Maik Klein

I need to buy a ssl certificate. Now there are so many different alternatives with a huge price range. I know the very basic differences of browser compatibility and security level. But I need a "cheap" ssl certificate. My homepage looks like this http://www.test.com Now if I go to the loginpage i should switch to https like this https:/www.test.com/login I am also considering to secure the whole site if the user has singed in. Now there are sites which are offering SSl for 7$/year. Would this do the job? Or would you recommend me to get something more expensive like this one? I want to add paypal support in a later version of my website and I don't want to save money on the wrong end. What would you recommend me?

Read the article
Redirecting traffic to a https site

- by Saif

In our mail server there are multiple virtual email domain hosted. User can use webmail.example.com (this is the first apache virtualhost) to check mail or they can use mail.THEIR-DOMAIN.com. If the put mail.THEIR-DOMAIN.com apache shows the webmail.example.com as it is the first virtualhost and mail.THEIR-DOMAIN.com doesn't exist. Recently we imposed https for webmail.example.com and added this mod_rewrite rule: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} But now users not getting the default webmail page as they were getting before. How can we redirect all request coming to the URL "mail.ANY-DOMAIN.com" to "https://webmail.example.com"? I've tried the following but it didn't work: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (mail.*) https://webmail.example.com Thanks for your help in advance.

Read the article
Safari can’t establish a secure connection to the server

- by gdelfino

I realize there is another question with the same title, but my situation is very different. The problem started on three of my computers after upgrading from Leopard to Snow Leopard. I can login to gmail and facebook using https with no problem. I can not login to https://identi.ca/main/login or https://seminars.wolfram.com/ or https://panopticlick.eff.org with Safari, works fine with Firefox. Already tried "Safari Reset..." Any ideas?

Read the article
How do I configure a site in IIS 7 for SSL with a wildcard certificate?

- by michielvoo

We have an Windows 2008 server with IIS 7 to test sites we develop for our clients. Each site has a binding on a subdomain: clienta.example.com clientb.example.com clientc.example.com (* Using example.com to protect the innocent) For one of these sites we now have to test if it works over https. So I have created a wildcard certificate request with *.example.com as the common name. I have received the certificate (issued by PositiveSSL SA) and completed the request. The certificate is now installed in IIS. Now I have added an https binding to the second site with the following settings: type: https IP address: All Unassigned Port: 443 Host name: clientb.example.com SSL certificate: *.example.com Browsing the site over regular http works fine. When I try to browse the site over https I get the following errors (depending on the browser used): Chrome This webpage is not available Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error. Firefox Unable to connect Firefox can't establish a connection to the server at clientb.example.com Firebug says Status: Aborted Internet Explorer Internet Explorer cannot display the webpage I have checked Failed Request Tracing, and according to the log the request was completed with status 200. I have run the SSL Diagnostics Tool with the following result: System time: Fri, 04 Mar 2011 14:04:35 GMT Connecting to 192.168.2.95:443 Connected Handshake: 115 bytes sent Handshake: 3877 bytes received Handshake: 326 bytes sent Handshake: 59 bytes received Handshake succeeded Verifying server certificate, it might take a while... Server certificate name: *.example.com Server certificate subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.example.com Server certificate issuer: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=PositiveSSL CA Server certificate validity: From 2-3-2011 1:00:00 To 2-3-2012 0:59:59 1:00:00 To 2-3-2012 0:59:59 HTTPS request: GET / HTTP/1.0 User-Agent: SSLDiag Accept:*/* HTTPS: 85 bytes of encrypted data sent HTTPS: 533 bytes of encrypted data received Status: HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 04 Mar 2011 14:04:35 GMT Connection: close Content-Length: 315 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Not Found</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Not Found</h2> <hr><p>HTTP Error 404. The requested resource is not found.</p> </BODY></HTML> HTTPS: server disconnected Final handshake: 37 bytes sent successfully Q: What can I do to make this work?

Read the article
How to get a *.cer file to add a self-signed HTTPS certificate as trusted for Java

- by pako

I'm connecting to a HTTPS website with a self-signed certificate using a Java applet. The applet can't open the HTTPS connection - it returns the following exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target So the problem is that I need to add the certificate as "trusted" for Java. I read that I should use the following command: keytool -import -alias abc -file ABCCA.cer Am I correct? How do I retrieve the *.cer file? The server is running Debian 5. I'm using Windows 7 and Java 6 on the client machine.

Read the article
Is there a way for IIS6 to do http and https together in the same site?

- by puffpio

The site needs to be accessible both from HTTP and HTTPS (in case the client wants the form submissions to be secure or not) The site is hosted in IIS6 and ideally I'd like to be able to just have one website in there and it can handle both http and https..is this possible? alternatively i was thinking maybe creating a "secure" subdirectory in the site and duplicating everything in there as well..is that feasible? this is further complicated that it is using asp.net 3.5's routing ability to do url rewrites so even if I create a secure subdirectory, i dunno if it will actually pick up that it's supposed to be SSL approved

Read the article
Need only to change links from https to http to access files with no SSL?

- by spirytus

I have SSL enabled for subdomain.mydomain.com so I can access files via https://subdomain.mydomain.com. Now please tell me if I'm right.. if I have file somwhere in subdomain.mydomain.com called index.php I can securely access it via: https://subdomain.mydomain.com/someFolder/index.php but I can also access it via http://subdomain.mydomain.com/someFolder/index.php This time communication won't be encrypted though. So now it comes down to links only if I access files in subdomain.mydomain.com securely or not? I will have another related question (and many more probably), but will post it as separate topic to keep things clean :)

Read the article
PHP - login to a remote server, trough my own server, with HTTPS, cookies and proxy, and downloading the html

- by Yunga Mohani

Hello, so what i am trying to do is this: login to the other server with a PHP on my own server (either with my username and pass/or with my cookies) then have access to the page i want to display/download i want to write a PHP script that is located on my own server, that automatically does a login to another server, that uses HTTPS and a web form for login. after the login i have access to that page that i am trying to download. i dont know if it would be possible to login and download the html only with the cookies that i have in my browser through a previous login, or if i need to do the login in my php script through some https login method. can i do any of this with curl or fsocksopen or what would be the best way to realize this? thanks in advance!

Read the article
Problem with redirecting *.domain.com & domain.com to www.domain.com for HTTPS

- by Mat E.

We have a site I'll call acme.com. Most of the time you see http://www.acme.com and sometimes we redirect you to https://www.acme.com. We want to redirect anyone going to http://acme.com or http://*.acme.com to http://www.acme.com, and the same for https. (It's mainly to avoid the alert you get if you go to https://acme.com instead of https://www.acme.com) Our vhost file is at the end of the post. It works nicely except for one strange behavior: http://acme.com - successfully redirects to http://www.acme.com http://www.acme.com - successfully does not redirect http://foo.acme.com - successfully redirects to http://www.acme.com https://acme.com - successfully redirects to https://www.acme.com https://www.acme.com - successfully does not direct https://foo.acme.com - ERROR - redirects to http://www.acme.com It's this last result I can't fathom. I've tried a lot of trial and error solutions from Google & Stack Overflow but nothing seems to change it. Even if we swap the order of the configurations (so that 443 is before 80) it still redirects https://foo.acme.com to http://www.acme.com We are running Apache/2.2.12 on Ubuntu. Here's the configuration file: <VirtualHost *:80> ServerName www.acme.com ServerAlias acme.com *.acme.com ServerSignature On DocumentRoot /var/www/acme.com/public RailsEnv 'production' PassengerHighPerformance on <Directory /var/www/acme.com/public> AllowOverride all Options -MultiViews </Directory> SSLEngine Off CustomLog /var/log/apache2/acme.log combined ErrorLog /var/log/apache2/acme-error.log # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] </VirtualHost> <VirtualHost *:443> ServerName www.acme.com ServerAlias acme.com *.acome.com DocumentRoot /var/www/acme.com/public RailsEnv 'production' PassengerHighPerformance on <Directory /var/www/acme.com/public> AllowOverride all Options -MultiViews </Directory> SSLCertificateFile /etc/ssl/certs/www.acme.com.crt SSLCertificateKeyFile /etc/ssl/private/acme.com.private.key SSLCACertificateFile /etc/ssl/certs/EV_intermediate.crt SSLEngine On CustomLog /var/log/apache2/ssl-acme.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ErrorLog /var/log/apache2/ssl-acme-error.log # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn RewriteEngine On RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ RewriteRule ^/(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L] </VirtualHost>

Read the article
Apache: Setting up a reverse proxy configuration with SSL with url rewriting

- by user1172468

There is a host: secure.foo.com that exposes a webservice using https I want to create a reverse proxy using Apache that maps a local http port on a server internal.bar.com to the https service exposed by secure.foo.com Since it a web service I need to map all urls so that a path: https://secure.foo.com/some/path/123 is accessible by going to: http://internal.bar.com/some/path/123 Thanks. I've gotten this far: <VirtualHost *:80> ServerName gnip.measr.com SSLProxyEngine On ProxyPass / https://internal.bar.com/ </VirtualHost> I think this is working except for the url rewriting. Some resources I've found on this are: Setting up a complex Apache reverse proxy Apache as reverse proxy for https server

Read the article
Apache: redirect to https before AUTH for server-status

- by Putnik

I want to force https and basic auth for server-status output (mod_status). If I enable auth and user asks for http://site/server-status apache first asks for pass, then redirects to httpS, then asks for pass again. This question is similar to Apache - Redirect to https before AUTH and force https with apache before .htpasswd but I cannot get it work because we are speaking not about generic folder but Location structure. My config (shortly) is as follows: <Location /server-status> SSLRequireSSL <IfModule mod_rewrite.c> RewriteEngine on RewriteBase /server-status RewriteCond %{HTTPS} off RewriteCond %{SERVER_PORT} 80 RewriteRule ^ - [E=nossl] RewriteRule (.*) https://site/server-status} [R=301,L] </IfModule> SetHandler server-status Order deny,allow Deny from all Allow from localhost ip6-localhost Allow from 1.2.3.0/24 Allow from env=nossl AuthUserFile /etc/httpd/status-htpasswd AuthName "Password protected" AuthType Basic Require valid-user Satisfy any </Location> I assume Allow from env=nossl should allow everyone with RewriteCond %{HTTPS} off and server port 80, then force it to redirect but it does not work. Please note, I do not want force to SSL the whole site but /server-status only. If it matters the server has several sites. What am I doing wrong? Thank you.

Read the article
How to have a shell script available everywhere I SSH to

- by aib

I have a shell script which I simply cannot do without: bar from Theiling Online I use SSH a lot and on a variety of *nix servers. However, I am not a system administrator and usually don't have the time or privileges to install it on every server I connect to. It is apparently a very portable sh script and has command line options to export itself as a shell function, which got me thinking: Could I use one of OpenSSH's subjectively obscure features to export it everywhere I go? My first thought was to assign the source to an environment variable like BAR = "cat -v" and then execute it on the other side as `$BAR`, but 1) I can't even get the cat example to to work locally, 2) I don't know how to put the script's actual multiline source into an environment variable and 3) I have yet to see a machine with PermitUserEnvironment enabled. I guess I could even do with an ssh option to write a file called ~/bar at logon, but a more volatile solution would be better. Calling wget http://.../bar at logon would be unacceptable. Any ideas? P.S. Putty-specific solutions, though I doubt any would exist, are also fine.

Read the article
.htaccess redirect https to http not working

- by Ira Rainey

I am trying to catch any https traffic to the front of my site so: https://www.domain.com is redirected to: http://www.domain.com However other subdomains need to be redirected elsewhere. For the most part this is all working, apart from the https - http redirection. Here's my .htaccess file at the moment: RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} RewriteCond %{HTTP_HOST} ^domain\.com [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] RewriteCond "%{HTTP_HOST}" !^www.* [NC] RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$ RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [L,R=301] It would seem that this bit: RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} isn't working as I would imagine. In fact it doesn't seem to redirect at all. In another subdirectory I have the opposite in effect which works fine: RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} so my thinking is the opposite should have done the job, but seemingly not. Any thoughts anyone?

Read the article
Java getInputStreat SocketTimeoutException instead of NoRouteToHostException

- by Jon

I have an odd issue happening when trying to open multiple Input Streams (in separate threads) on Linux (RHEL). The behaviour works as expected on windows. I am kicking off 3 threads to open https connections to 3 different servers. All three are invalid IP addresses (in this test case), so I expect an NoRouteToHostException for each of them. The first two return these as expected, and quite quickly. (see stack trace below) However the third (and 4th when I tested it that way) do NOT give a no route exception. They wait for ages, and then give a SocketTimeoutException (see other stack trace below). This takes ages to come back, and does not accurately express the connection issue. The offending line of code is: reader = new BufferedReader(new InputStreamReader(conn.getInputStream())); Has anyone seen something like this before? Are there multi-threading issues with sockets on REHL or some limit somewhere to how many can connect at once...or...something? Expected stack trace, as received for first two: java.net.NoRouteToHostException: No route to host at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:559) at sun.net.NetworkClient.doConnect(NetworkClient.java:158) at sun.net.www.http.HttpClient.openServer(HttpClient.java:394) at sun.net.www.http.HttpClient.openServer(HttpClient.java:529) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:272) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:916) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1177) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) Unexpected stack trace, as received on 3rd: java.net.SocketTimeoutException: connect timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:559) at sun.net.NetworkClient.doConnect(NetworkClient.java:158) at sun.net.www.http.HttpClient.openServer(HttpClient.java:394) at sun.net.www.http.HttpClient.openServer(HttpClient.java:529) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:272) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:916) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1177) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)

Read the article
The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via

- by isg

I am trying to make a WCF service over basicHttpBinding to be used over https. Here's my web.config: <service behaviorConfiguration="MyServices.PingResultServiceBehavior" name="MyServices.PingResultService"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="defaultBasicHttpBinding" contract="MyServices.IPingResultService"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> ... <bindings> <basicHttpBinding> <binding name="defaultBasicHttpBinding"> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </basicHttpBinding> </bindings> ... I am connecting using WCFStorm which is able to retrieve all the meta data properly, but when I call the actual method I get: The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via Any ideas?

Read the article
Twitter Finally Adds “Always use HTTPS” Option, You Should Enable It Now

- by ETC

From the “It’s about time” department: Twitter has finally joined Facebook and Gmail with a new “Always Use HTTPS” option in the preferences. If you use the twitter.com site, you should enable it right now. If you’re using Facebook without the encryption enabled, you should definitely learn how to make your Facebook session more secure as well. Twitter Blog: Making Twitter more secure: HTTPS Internet Explorer 9 Released: Here’s What You Need To KnowHTG Explains: How Does Email Work?How To Make a Youtube Video Into an Animated GIF

Read the article
HTTPS : Google anticipe les attaques par décryptage rétrospectif sur ses services, et promeut la confidentialité persistante

HTTPS : Google anticipe les attaques par décryptage rétrospectif Sur ses services et promeut la confidentialité persistante Google anticipe un risque lointain et néanmoins palpable qui pèse sur les connexions sécurisées. Il annonce l'activation sur ses services de la technique dite de Confidentialité persistante. La majorité des implémentations actuelles du HTTPS reposent sur une clé privée connue uniquement par le serveur. Ce dernier l'utilise pour générer des clés de sessions et chiffrer ses échanges avec les clients. Que se passera-t-il dans 10 ans, quand les ordinateurs seront tellement plus puissants que casser une clé privée sera plus facile ? Des attaques de décrypta...

Read the article
Impact of migrating home page from http to https on search results

- by 2Stroke SEO

Guys - I've just had to change one of my site's home page to https from http. I had plenty links coming into the http page and was performing well in Google against many of my targeted search phrases. I did a 301 redirect from the http page to transfer the link juice to the https page (and to prevent duplicate content issues), but my search rankings have tanked which indicates no link juice has been transferred. My PR has vanished - which I'd expect - but I'm really surprised that the SERP rankings fell off the face of the earth. Anyone have any ideas how I can recover this. I've waited a couple of months since the changes took effect just in case Google was taking time to check it out.

Read the article
Impact of migrating home page from HTTP to HTTPS on search results

- by 2Stroke SEO

I've had to change one of my site's home page to HTTPS from HTTP. I had plenty of links coming into the HTTP page and was performing well in Google against many of my targeted search phrases. I did a 301 redirect from the HTTP page to transfer the link juice to the HTTPS page (and to prevent duplicate content issues) but my search rankings have tanked which indicates no link juice has been transferred. My PageRank has vanished - which I'd expect - but I'm really surprised that the SERP rankings fell off the face of the earth. Anyone have any ideas how I can recover from this? I've waited a couple of months since the changes took effect just in case Google was taking time to check it out.

Read the article
nginx proxypath https redirect fails without trailing slash

- by Thermionix

I'm trying to setup Nginx to forward requests to several backend services using proxy_pass. The links on the pages that lack trailing slashes do have https:// in front, but get redirected to a http request with a trailing slash - which ends in connection refused - I only want these services to be available through https. So if a link is too https://example.com/internal/errorlogs in a browser when loaded https://example.com/internal/errorlogs gives Error Code 10061: Connection refused (it redirects to http://example.com/internal/errorlogs/) If I manually append the trialing slash https://example.com/internal/errorlogs/ it loads I've tried with varied trailing forward slashes appended to the proxypath and location in proxy.conf to no effect, have also added server_name_in_redirect off; This happens on more than one app under nginx, and works in apache reverse proxy Config files; proxy.conf location /internal { proxy_pass http://localhost:8081/internal; include proxy.inc; } .... more entries .... sites-enabled/main server { listen 443; server_name example.com; server_name_in_redirect off; include proxy.conf; ssl on; } proxy.inc proxy_connect_timeout 59s; proxy_send_timeout 600; proxy_read_timeout 600; proxy_buffer_size 64k; proxy_buffers 16 32k; proxy_pass_header Set-Cookie; proxy_redirect off; proxy_hide_header Vary; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_set_header Accept-Encoding ''; proxy_ignore_headers Cache-Control Expires; proxy_set_header Referer $http_referer; proxy_set_header Host $host; proxy_set_header Cookie $http_cookie; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Proto https; curl output -$ curl -I -k https://example.com/internal/errorlogs/ HTTP/1.1 200 OK Server: nginx/1.0.5 Date: Thu, 24 Nov 2011 23:32:07 GMT Content-Type: text/html;charset=utf-8 Connection: keep-alive Content-Length: 14327 -$ curl -I -k https://example.com/internal/errorlogs HTTP/1.1 301 Moved Permanently Server: nginx/1.0.5 Date: Thu, 24 Nov 2011 23:32:11 GMT Content-Type: text/html;charset=utf-8 Connection: keep-alive Content-Length: 127 Location: http://example.com/internal/errorlogs/

Read the article
IIS URL Rewrite - Redirect any HTTPS traffic to sub-domain

- by uniquelau

We have an interesting hosting environment that dictates all secure traffic must travel over a specific sub domain. E.g. http://secure.domain.com/my-page I'd like to handle this switch using URL Rewrite, i.e. at server level, rather than application level. My cases are: https://secure.domain.com/page = NO CHANGE, remains the same https://domain.com/page = sub-domain inserted, https://secure.domain.com/page https://www.domain.com/page = remove 'www', insert sub-domain In my mind the logic is: INPUT = Full Url = http://www.domain.com/page If INPUT contains HTTPS Then check Full URL, does it contain 'secure'? If YES do nothing, if no add 'secure' If INPUT contains 'www' remove 'www' The certificate is not a wild card (e.g. top level domain) and is issues to: https://secure.domain.com/ The website could also be hosted in a staging environment. E.g. https://secure.environment.domain.com/ I do not have control over 'environment' or 'domain' or the 'tld'. Laurence - Update 1, 19th August So as mentioned below, the trick here is to avoid a redirect loop that could drive anyone well loopy. This is what I propose: One rule to force certain traffic to the secure domain: <rule name="Force 'Umbraco' to secure" stopProcessing="true"> <conditions logicalGrouping="MatchAll"> <add input="{REQUEST_URI}" pattern="^/umbraco/(.+)$" ignoreCase="true" /> <add input="{HTTP_HOST}" negate="true" pattern="^secure\.(.+)$" /> </conditions> <action type="Redirect" url="https://secure.{HTTP_HOST}/{R:0}" redirectType="Permanent" /> </rule> Another rule, that then removes the secure domain, expect for traffic on the secure domain. <rule name="Remove secure, expect for Umbraco" stopProcessing="true"> <match url="(.*)" ignoreCase="true" /> <conditions logicalGrouping="MatchAll"> <add input="{HTTP_HOST}" pattern="^secure\.(.+)$" /> <add input="{REQUEST_URI}" negate="true" pattern="^/umbraco/(.+)$" ignoreCase="true" /> </conditions>  <action type="Redirect" url="http://staging.domain.com/{R:0}" appendQueryString="true" redirectType="Permanent" /> </rule> This works for a single directory or group of files, however I've been unable to add additional logic into those two rules. For example you might have 3 folders that need to be secure, I tried adding these as Negate records, but then no redirection happens at all. Hmmm! L

Read the article
Redirect traffic to https

- by Arpanet

I need to redirect the following instances to https://www.mydomain.com; mydomain.com www.mydomain.com http://www.mydomain.com I have the following in my .htaccess already, but this only redirects mydomain.com to https://www.mydomain.com; <IfModule mod_rewrite.c> RewriteCond %{HTTPS} !=on RewriteCond %{HTTP_HOST} !^www\..+$ [NC] RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule> Grateful if anyone could perhaps tell me what I need to add. Thank you.

Read the article
Why won't Javascript assembled Iframe load in IE6 over HTTPS although it will over HTTP?

- by Lauren

The issue: The iframe won't load inside the tags on the review and submit page here: https://checkout.netsuite.com/s.nl/c.659197/sc.4/category.confirm/.f Login:[email protected] pass:test03 To produce problem: - Where it says "Your Third Party Shipper Numbers (To enter one, click here.)", click "here" to see the form that won't load in IE6. It seems to load in every other modern browser. The same form works fine on this page (you have to click on the "order sample" button to see the link to the same form): http://www.avaline.com/R3000_3 Here's the HTML: <div style="border-color: rgb(255, 221, 221);" id="itmSampl"> <div id="placeshipnum" style="display: none;"></div> <div id="sampAdd"> <strong>Your Third Party Shipper Numbers</strong> (To enter one, click <a rel="nofollow" href="javascript:;" onclick="enterShipNum()">here</a>.) <ul style="list-style: none outside none; padding-left: 20px;"> <li><span class="bold">UPS #</span>: 333333</li> <li><span class="bold">FedEx #</span>: 777888999</li> </ul> </div> </div> Upon clicking the "to enter one, click here" link this is the iframe HTML in all browsers except IE6 (in IE6, the "shipnum" div element is assembled, but that's it): <div id="placeshipnum" style="display: block;"> <div id="shipnum" style="background: none repeat scroll 0% 0% rgb(255, 255, 255);"> <div class="wrapper-x"> <a title="close window" class="linkfooter" href="javascript:;" onclick="enterShipNum()"> <img height="11" width="11" alt="close window" src="/c.659197/site/av-template/x-image-browser.gif"> </a> </div> <iframe scrolling="no" height="240" frameborder="0" width="190" src="https://forms.netsuite.com/app/site/crm/externalleadpage.nl?compid=659197&formid=56&h=9b260d2f9bca0fd9c300&[email protected]&firstname=Test&lastname=Account&ck=Q1BnzaRXAe_RfjhE&vid=Q1BnzaRXAd3Rfik7&cktime=87919&cart=5257&promocode=SAMPLE&chrole=1014&cjsid=0a0102621f435ef0d0d4b3cd49ab8b2db4e253c671eb" allowtransparency="true" border="0" onload="hideShipLoadImg()" style="display: block;"></iframe></div></div> This is the relevant Javascript: // Allow for shipper number update var shipNumDisplay=0; function enterShipNum() { if (shipNumDisplay == 0){ //odrSampl(); document.getElementById('placeshipnum').style.display="block"; document.getElementById('placeshipnum').innerHTML='<div id="shipnum"><div class="wrapper-x"> <a onclick="enterShipNum()" href="javascript:;" class="linkfooter" title="close window"> <img height="11" width="11" src="/c.659197/site/av-template/x-image-browser.gif" alt="close window" /> </a> </div><iframe onload="hideShipLoadImg()" scrolling="no" height="240" frameborder="0" width="190" border="0" allowtransparency="true" src="https://forms.netsuite.com/app/site/crm/externalleadpage.nl?compid=659197&formid=56&h=9b260d2f9bca0fd9c300&[email protected]&firstname=Test&lastname=Account&ck=Q1BnzaRXAe_RfjhE&vid=Q1BnzaRXAd3Rfik7&cktime=87919&cart=5257&promocode=SAMPLE&chrole=1014&cjsid=0a0102621f435ef0d0d4b3cd49ab8b2db4e253c671eb"></iframe></div>'; shipNumDisplay=1; } else { document.getElementById('placeshipnum').style.display="none"; document.getElementById('shipnum').parentNode.removeChild(document.getElementById('shipnum')); shipNumDisplay=0; } } function hideShipLoadImg(){ var shipiframe= document.getElementById('shipnum').getElementsByTagName('iframe')[0]; shipiframe.style.display = 'block'; shipiframe.parentNode.style.background = '#fff'; } This is most of the form inside the iframe although I don't think it's relevant: <form style="margin: 0pt;" onsubmit="return ( window.isinited && window.isvalid && save_record( true ) )" action="/app/site/crm/externalleadpage.nl" enctype="multipart/form-data" method="POST" name="main_form" id="main_form"> <div class="field name"> <label for="firstname">First Name <span class="required">*</span></label> <span class="input" id="firstname_fs"><span class="input" id="firstname_val">Test</span></span><input type="hidden" id="firstname" name="firstname" value="Test" onchange="nlapiFieldChanged(null,'firstname');"> </div> <div class="field name"> <label for="lastname">Last Name <span class="required">*</span></label> <span class="input" id="lastname_fs"><span class="input" id="lastname_val">Account</span></span><input type="hidden" id="lastname" name="lastname" value="Account" onchange="nlapiFieldChanged(null,'lastname');"> </div> <div id="ups" class="field"> <label for="custentity4">UPS # </label> <span id="custentity4_fs" style="white-space: nowrap;"><input type="text" id="custentity4" onblur="if (this.checkvalid == true) {this.isvalid=(validate_field(this,'text',false,false) && nlapiValidateField(null,'custentity4'));} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;}" name="custentity4" size="25" onfocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" onchange="setWindowChanged(window, true);this.isvalid=(validate_field(this,'text',true,false) && nlapiValidateField(null,'custentity4'));this.checkvalid=false;if (this.isvalid) {nlapiFieldChanged(null,'custentity4');;}if (this.isvalid) this.isvalid=validate_textfield_maxlen(this,6,true,true);if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" class="input" maxlength="6"></span> </div> <div id="fedex" class="field"> <label for="custentity9">FedEx # </label> <span id="custentity9_fs" style="white-space: nowrap;"><input type="text" id="custentity9" onblur="if (this.checkvalid == true) {this.isvalid=(validate_field(this,'text',false,false) && nlapiValidateField(null,'custentity9'));} if (this.isvalid == false) { selectAndFocusField(this); return this.isvalid;}" name="custentity9" size="25" onfocus="if (this.isvalid == true || this.isvalid == false) this.checkvalid=true;" onchange="setWindowChanged(window, true);this.isvalid=(validate_field(this,'text',true,false) && nlapiValidateField(null,'custentity9'));this.checkvalid=false;if (this.isvalid) {nlapiFieldChanged(null,'custentity9');;}if (this.isvalid) this.isvalid=validate_textfield_maxlen(this,9,true,true);if (!this.isvalid) { selectAndFocusField(this);}return this.isvalid;" class="input" maxlength="9"></span> </div> <div class="field hidden"><input type="hidden" id="email" name="email" value="[email protected]"></div> <div class="field"><label class="submit" for="submitbutton"><span class="required">*</span> Indicates required fields.</label></div> <input type="submit" id="submitbutton" value="submit">  <input type="hidden" value="659197" name="compid"><input type="hidden" value="56" name="formid"><input type="hidden" value="" name="id"><input type="hidden" value="9b260d2f9bca0fd9c300" name="h"><input type="hidden" value="-1" name="rectype"><input type="hidden" value="" name="nlapiPI"><input type="hidden" value="" name="nlapiSR"><input type="hidden" value="ShipValidateField" name="nlapiVF"><input type="hidden" value="" name="nlapiFC"><input type="hidden" value="/app/site/crm/externalleadpage.nl?compid=659197&formid=56&h=9b260d2f9bca0fd9c300&[email protected]&firstname=Test&lastname=Account&ck=Q1BnzaRXAe_RfjhE&vid=Q1BnzaRXAd3Rfik7&cktime=87919&cart=5257&promocode=SAMPLE&chrole=1014&cjsid=0a0102621f435ef0d0d4b3cd49ab8b2db4e253c671eb" name="whence"><input type="hidden" name="submitted"> <iframe height="0" style="visibility: hidden;" name="server_commands" id="server_commands" src="javascript:false"></iframe>  </form>

Read the article
Is it worth using https if you are not doing financial transactions?

- by Scarface

Hey just a quick question for any experts out there. I have a site that lets users interact through messages and to sign up you just make a username and password, verify your age, and optionally, add an email. There isn't really any sensitive information I suppose. Is it worth using https. Will it prevent session hi jacking and will it hinder performance?

Read the article
How do I do an HTTPS request with Erlang?

- by gersh

I tried the inets library but it timeouts. I don't think it supports https. I am trying to use ibrowse, but it isn't working.

Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21 | Next Page >