Hi Sandy,
I'm sure Simon's response is correct, but I think there is a way you can
get the behaviour you want.
The problem is that the *browser* knows it has an SSL document so gets
frightened when it sees a reference to a normal non-SSL document inside.
The trick is to fool the browser by re-writing the URL in the *server*.
Try the following:
- Make sure you have mod_rewrite installed in your server (./httpd -l
will show what modules you have).
- In the SSL document, refer to your images like this:
<IMG SRC=/non_ssl_images/my_image.gif>
- In the SSL VirtualHost, add the directives:
RewriteEngine On
RewriteLog logs/rewrite_log # These two are optional
RewriteLogLevel 9 # (just for logging)
RewriteRule ^/non_ssl_images/(.*) http://othersite.com/images/$1
- Restart the server.
Now what happens is:
- The browser gets the SSL document and sees a ref to an image which is
*apparently* under the SSL DocumentRoot.
- So it is quite happy and requests "/non_ssl_images/my_image.gif".
- But the Server now has a RewriteRule for "/non_ssl_images/" and so
turns it into "http://othersite.com/images/my_image.gif".
- The server parses the new URL and sends the image it finds there.
- The browser gets the image and is happy to display it.
I'm not sure if this is a loop-hole in the alleged "Security Feature"
but it does seem to work (we've been using it for quite some time!) One
funny thing is that the browser does seem to be aware that the URL has
been re-written because if you right-click "View Image" on the image, it
appears with its proper "http:" URL. However, this doesn't seem to
bother it...
Best of Luck,
Owen Boyle.
--
SWX Swiss Exchange, 10 Cours de Rive, 1211 Geneve 3
--------------------------+-------------------------
Phone: +41 (0)22 849 5648 | Fax: +41 (0)22 849 5643
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
