Andreas Hartmann schrieb: > Thorsten Scherler schrieb: >> On Tue, 2007-06-12 at 18:17 +0200, Andreas Hartmann wrote: >>> Hi Lenya devs, >>> >>> I'm a bit confused how the proxy configuration works >>> >>> ATM we have something like this: >>> >>> <proxies ssl="false" root="..."> >>> <proxy area="live" ssl="true" url="..."/> >>> <proxy area="live" ssl="false" url="..."/> >>> <proxy area="authoring" ssl="true" url="..."/> >>> <proxy area="authoring" ssl="false" url="..."/> >>> </proxies> >>> >>> Why does the <proxies> element with ssl=false have >>> children with ssl=true? >> http://marc.info/?l=lenya-dev&m=118036330826401&w=2 >> "Yes, all urls outside of areas are not ssl protected by default (at >> least that is my understanding). Actually one can even get rid of the >> @ssl. The ssl checkbox in the ac is the one that determines whether a >> url is ssl protected or not but you cannot have ac for the global stuff >> ATM and AFAIR." > > But IIUC this would lead to the infamous "This page contains insecure > components" messages, wouldn't it? If a page is served through SSL, > all images, CSS etc. it references also have to be served through > SSL.
I have now configured Apache2 with SSL as a proxy for Tomcat. The login usecase is redirected to SSL. This results in the message I mentioned: "You have requested an encrypted page that contains some unencrypted information. [...]" To avoid this, we'd have to use a global SSL proxy URL for the CSS and image URLs. IMO we should use the SSL variants of all outgoing links on an SSL-encrypted page by default. WDYT? -- Andreas -- Andreas Hartmann, CTO BeCompany GmbH http://www.becompany.ch --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
