I am restricted some folders in my server to http and https using htacess, In some of my non https pages, I need to call a ajax script (php) which is using https (In the same domain), it is not working (https to https are working fine ).
I have tutorials/ path which is rewritten to use http only, i have one more folder(path) ajax/ rewritten to use https and I am making a call from tutorials/ to ajax/, it is failing.
It is the restriction of ajax for security reasons that you can not access any https page from http page. It is recommended that If you want to use https then all of the pages in your website must be accessed using https. To ensure this you should use relative path. If you use related path then http or https will automatically be calculated based on the source page from where you are accessing other page.
Related
Test URL = https://www.uktherapyhub.co.uk/info.php
Code is below
<?php include 'wp-load.php'; ?>
http://adrianmatthewstherapy.co.uk
Above is my code why it is adding the s in after http?
If i remove wp-load,php it works fine.
There's a chance server is programmed to redirect all http requests to https. You have to change server (adrianmatthewstherapy) configuration to allow http request and not redirect them.
If website is configured for HTTPS, you might need to change the other links to follow the secure connection. Specially I've observed google chrome (Version 80.0.3987.122) is converting all the internal links (audio src) to https.
A good reading:
https://support.google.com/blogger/answer/6286127?hl=en
I have an application which is accessed via HTTPS, but is "reverse proxied" to the server using plain HTTP. It is set up on AWS as follows:
[BROWSER] --(https)--> [ELB] --(http)--> [SERVER]
Everything works fine except when a page is being accessed by an unauthenticated user, the server responds with a HTTP 302 redirect using the whole protocol://server/path string. Like so:
Location: http://my.server.com/Account/Login?ReturnUrl=%2F
The problem is, it specifies HTTP as the protocol (presumably because it is being connected to by the ELB using HTTP. So the browser redirects the request using HTTP and now an error occurs. Is there a way to customize the redirect such that it redirects using just the path, so irregardless of protocol or hostname, it is redirected properly? Like so:
Location: /Account/Login?ReturnUrl=%2F
If this is not advisable, what can be done?
(note: I've checked other solutions posted on SO. All I've seen so far involve customizing the Path, not removing the protocol://hostname)
How can you determine the current request URL if using off box SSL termination?
E.g.
Browser has url httpS://yourserver/
SSL Termination decrypts and sends onto http://yourserver
IIS/ASP.NET receives request at http://yourserver
At (3) if you use Context.Request.Url, Page.Request.Url or Page.Request.RawUrl it show a url with a http protocol and not httpS
How do get the public httpS URL that was origionally used at (1) in this case?
The convention used for Microsoft Products is to add a header at the reverse proxy.
Front-End-Https : On
So you know the http url is really https.
You could also add in your own header containing the original URL if you did something like URL translation (e.g. something like "Original-Uri").
This page shows how to do this using IIS AAR as the reverse proxy, though in my testing I could only get headers to pass through if they are prefixed with HTTP_ (which is later stripped out).
how to identify a request( by http redirect ) is from local site or other sites?
such as, i have a site: www.my.com
and www.my.com/a.html will redirect to www.my.com/b.html
other sites will redirect to www.my.com/b.html
how can i identify where the redirect from?
HTTP Referrer may be unbelievable
Server-side you could track IP addresses and match these across requests.
But personally I'd go for the simpler Referrer solution.
See HTTP Referrer Gotchas? for further discussion on this.
Another option you have if you're using dynamic content generation (eg ASP, PHP, etc) is to use URL rewriting rather than redirecting via the client. In this case, the client still thinks they're requesting www.my.com/a but you return the content for www.my.com/b
In the code which generates b you can see that the request is for www.my.com/a so you know that they've been "rewritten".
I Recently set an aspnet application under win 7 IIS 7 and got enabled SSL for this app.
the app works great under ssl, but when i change the schema from https to http, using a response.redirect, the request get a timeout, i am stuck with it, any idea is welcome.
regards
You cannot switch protocols unless you provide an absolute URL. The reference must be absolute.
make use of the encryptedUri and unencryptedUri attributes. "unencryptedUri" may be specified to send the user back to another domain or specific URI when the module removes security.
You can have a custom configuration..
<secureWebPages
mode="RemoteOnly"
encryptedUri="secure.mysite.com"
unencryptedUri="www.mysite.com"
maintainPath="True"
warningBypassMode="AlwaysBypass">
...
</secureWebPages>
An example would be to redirect secure requests to secure.mysite.com and requests that don't need to be secure could be redirected back to www.mysite.com. maintainPath is used in conjunction with the above attributes. When the module redirects to the encryptedUri or unencryptedUri, it appends the current path before sending users on their way.