unable to configure cloudflare flexible ssl on joomla 3.x website - .htaccess

I'm having some annoying problems with my domain http://www.armfilmbihar.com.
I have Cloudflare Flexible SSL on my Joomla 3.3 site, and it makes an https call, IF I type it myself >< When I try to force https to be used on my site via an .htaccess file I get a loop error.
On using the page rules from cf website, it is loading but it is showing parts as insecure content and thus blocking. How do I change all of them to https so that content loads with ssl?

Did you try the information in our knowledge base about mixed content?

Related

I want one particular page to not take https

I have this one page which has an iframe inside of which a survey page is embedded. Unfortunately I'm getting a "Your connection is not secure" error inside the iframe. Does anyone know how to fix this issue? By the way, the website is SSL certified, not the page I'm trying to include inside the iframe. Also this is a PHP site, not WordPress.
Thanks
You are always going to have this problem when an HTTPS page references non secured content. Your options are:
- move the page hosting the iframe (and its associated content) outwith HTTPS. Although, in theory an HTTP page should be able to reference HTTPS hosted javascript, CSS and images without emitting warnings, this will probably vary by browser
- move the survey page into HTTPS. I am guessing that you don't host this yourself - have you contacted the provider to ask if they can provide the service via HTTPS? Have you considered using a different provider?
- proxy the HTTP survey page via your server - this would require some clever configuration on the webserver or terminating the SSL connection in front of a proxy operating in reverse mode for your service and rewriting/forwarding mode for the survey. Basically, if you don't control the infrastructure this is probably a non-starter.
- re-implement the survey capability within your own site.
Bear in mind that as soon as your site is exposed outside of HTTPS it becomes vulnerable to more attacks.
.htaccess is not going to help - it overrides the behaviour within a vhost - the HTTP and HTTPS sites will operate in separate vhosts.

Cloudflare Flexible SSL not working with vanilla Joomla site

I'm testing Flexible SSL on a newly installed Joomla site in preparation for the production site. However it doesn't seem to work.
Using default Joomla configuration: website loads, but content like CSS files and images are not loading, even though all the paths are relative. It's interesting to note that if I access the CSS files directly (with https) they show up fine.
If I configure Joomla for Force SSL, then the notorious redirect loop occurs.
What I've done so far:
- Set up Cloudflare page rule for http://mysub.domain.com/* to redirect to https, and making sure the subdomain mysub is routing through Cloudflare. This part is working, so the redirection works.
- Installed and enabled the Cloudflare Joomla plugin
- .htaccess file is NOT used in this case
When Joomla's Force SSL is set to No, the Joomla constant JURI::root() returns http://mysub.domain.com, even though the site is accessed via https://mysub.domain.com. This means that internally, Joomla still views this as a http site. The only way to change this is to enable Force SSL, but that will result in the redirection loop.
I have searched everything, from Cloudflare's FAQ to Stackoverflow and Stackexchange, so I'm really out of ideas. Any assistance will be greatly appreciated, thanks!
It is probably best if you contact support for this issue so we can help figure it out. We've seen a similar issue with WordPress that can be resolved by various plugins available in WordPress.
Someone also wrote something up on redirect loops and fixing in .htaccess (don't know if this will help).
To do this, add the following code to your .htaccess
#FileETag none
############################################
## FOR NGINX, LIGHTTPD, VARNISH OR ANY OTHER REVERSE PROXY TO APACHE
SetEnvIf X-Forwarded-Proto https HTTPS=on
Save.
You're done.
:D
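
The redirect loop and the X-Forwarded-Proto fix from this thread, modelled as an added example (not part of the original answer, and not Cloudflare's or Joomla's code). The hostname, the addresses and the trusted-peer check are assumptions made here; the SetEnvIf line above does not check where the header came from.

```python
from urllib.parse import urlsplit

CLOUDFLARE_EDGE = "198.51.100.7"  # constructed address standing in for the proxy

def edge_to_origin(client_url, origin):
    """Flexible mode: browser-to-edge may be HTTPS, edge-to-origin is always HTTP."""
    parts = urlsplit(client_url)
    request = {
        "wire_scheme": "http",            # what the origin server itself sees
        "peer": CLOUDFLARE_EDGE,
        "host": parts.netloc,
        "path": parts.path or "/",
        "headers": {"X-Forwarded-Proto": parts.scheme},  # what the visitor used
    }
    return origin(request)

def naive_force_ssl(req):
    # "Force SSL" that looks only at the origin's own connection.
    if req["wire_scheme"] != "https":
        return 301, f"https://{req['host']}{req['path']}"
    return 200, None

def proxy_aware_force_ssl(req, trusted=frozenset({CLOUDFLARE_EDGE})):
    # Honour X-Forwarded-Proto, but only when the request came from the proxy;
    # a direct client could otherwise send the header and skip the redirect.
    forwarded = req["headers"].get("X-Forwarded-Proto") if req["peer"] in trusted else None
    if (forwarded or req["wire_scheme"]) != "https":
        return 301, f"https://{req['host']}{req['path']}"
    return 200, None

def browse(url, origin, max_hops=10):
    """Follow redirects like a browser; report the chain of URLs visited."""
    hops = [url]
    for _ in range(max_hops):
        status, location = edge_to_origin(hops[-1], origin)
        if status == 200:
            return "ok", hops
        hops.append(location)
    return "redirect loop", hops

if __name__ == "__main__":
    for policy in (naive_force_ssl, proxy_aware_force_ssl):
        state, hops = browse("http://mysub.example.com/", policy)
        print(policy.__name__, state, len(hops) - 1, "redirects")
```
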

Secure HTTPS not working in Magento under CloudFlare

Here is my problem:
- I have set Magento to run under SSL, setting the frontend secure option on admin to Yes
- The site runs under Cloudflare
- I set a page rule on Cloudflare (according to the support instruction) that goes:
http://fabshopper.com/*
Always uses HTTPS
- I'm using the Ultimo theme in Magento
When I open the site in the browser it shows the HTTPS connection but most of the content is not loaded because the links are HTTP (including CSS, scripts, images).
The Ultimo theme is supposed to create links as either HTTP or HTTPS according to the Magento settings, but the links I'm getting are HTTP
I ran out of ideas :(
Can anyone give me a hint?
Thanks
I went through the link you provided and found many URLs loaded from an insecure server. Check a few of them below:
The page at 'https://www.fabshopper.com/' was loaded over HTTPS, but displayed insecure content from 'http://www.fabshopper.com/skin/frontend/ultimo/fabshopper/images/fab_shopper.png': this content should also be loaded over HTTPS.
The page at 'https://www.fabshopper.com/' was loaded over HTTPS, but displayed insecure content from 'http://www.fabshopper.com/media/wysiwyg/autumn-cardigans.png': this content should also be loaded over HTTPS.
Just change the HTTP to HTTPS of all insecure urls and it will solve your problem.

forcing ssl for all embedded links using htaccess to tackle insecure content

I am trying to enforce SSL on a folder (blog admin). That part is fine - all pages are SSL, but the site is generating error messages for insecure contents on the page. I can go after all those links individually, to enforce SSL on the links.
I was wondering if that could be done through htaccess alone?
This is what I have done for SSL enforcing on the admin folder:
#forcing https for admin folder
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} admin
RewriteRule ^(.*)$ https://mysite.com/blog/admin/$1 [R,L]
How can I convert all the non ssl links to ssl on the same page ?
Addition:
1) I am using WordPress 3.6 with different plugins that come along with it. Only the admin area is SSL, and the rest of it, other than the login page (which is outside of admin and is also SSL), is non SSL (for example the blog feed for the end users).
2) A few of the insecure contents are coming from my own site, but then there are others which are coming from the plugins I am using. For example the Disqus commenting system, and Flickr.
3) I can force the internal links for images, css, and jscript by simply using 'setting for permalink' on wordpress (noticed the url was provided as http and not https). Similarly, I can locate and fix the other links like this one:
The page at https://mysite.com/blog/wp-login.php ran insecure content
from
http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js?ver=3.6
4) The issue is:
If I use permalink setting, then the blog links are created as https
instead of http, and that breaks the plugins I am using for the non
SSL pages, for example the Disqus comment feed doesn't show up on the blog
page. Secondly, The painful process of fixing all the non ssl links.
Also, I can always miss out on some of them, since I am doing it
manually. It would be really helpful, if I could enforce SSL for all
these non SSL links using htaccess, perhaps the only easy solution.
Rewrite rules (which are in fact redirections, when it's about HTTP to HTTPS) won't help, since by the time the initial plain HTTP request reaches the server, it's too late.
It's the links on the page you serve that must be addressed. This is generally up to the application (e.g. your PHP/CGI application) running on the server, not up to the server itself. The server would need to be able to process the content of the responses it sends to replace these links, not just redirect the requests (like mod_rewrite does).
mod_proxy_html (distributed with Apache 2.4 or separately in earlier versions) is a module that can do in-depth processing of the response, but I'm not sure whether it can be used as a post-processing tool for PHP running on the same server, to rewrite the links it sends.
Of course, this won't fix links to external resources that are not available via https:// anyway.

Migrating Website from HTTP to HTTPS

I have to migrate a website from HTTP to HTTPS and keep user experience unchanged (no warning popups). What would be the front end main points to be verified?
I realized I have to make sure all inclusions (CSS, images and JS) have to reference https content, but I'm still not sure about the a(link) href attribute and if there's anything I'm missing.
How to migrate to HTTPS is an excellent migration howto. The steps are:
1. Get and install certificates
2. Enable HTTPS on your servers
3. Make intra-site URLs relative
4. Redirect HTTP to HTTPS
5. Turn on strict transport security and secure cookies
Between step 3 and step 4, run through Qualys' best practices and test your site.
Updated Feb 02, 2016
Planning on moving to HTTPS? Here are 13 FAQs! visit https://plus.google.com/+JohnMueller/posts/PY1xCWbeDVC
I did this for my website and it works perfectly (it depends on the size of your site). My site is a local business site indexed (2,xxx) on Google
1. No effect on SEO Ranking
2. No effect on link juice
Related links will ref to https automatically. All absolute links have to ref to https, unless you configure your htaccess file to redirect all http traffic to https.
