Weird SSL behavior

Topics: User Forum
Jul 7, 2009 at 9:14 PM

Hi, i'm using DotNetNuke and I only want 2 specific page (tab) to be secure (HTTPS), and would like to force the other pages to be unsecure (HTTP).

I'm using the following config:

RewriteCond %{HTTP_HOST} ^$
RewriteCond %{HTTPS} ^on$
RewriteCond %{QUERY_STRING} ^(?!tabid=66|tabid=77)$
RedirectRule ^(.*)$$1 [R=301]

Everything works as intented, but on the 2 secure pages (tabid=66 or tabid=77) i get "this page is partially encrypted" popup box. If I disable the IIRF config above then the page is 100% encrypted.

Anyone knows what's going on? Thanks!

Jul 7, 2009 at 10:02 PM
Edited Jul 11, 2009 at 11:37 AM

A guess : within the two tabs secure pages, there are references to images, scripts or stylesheets.  Those links will be https links, but the third RewriteCond will not match, therefore they *will* be redirected to an insecure URL.  

Check the IIRF logfile to see the evidence.  if that's the case then you may want to introduce another rule to exempt all images, stylesheets and scripts from the redirect, assuming that they will only be requested from within a page.