Hi Owen,
Thanks for your sugguestion. Where can i download mod_rewrite?
Sandy
>From: Owen Boyle <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Using https can't get images from other sites?
>Date: Thu, 24 Aug 2000 09:34:29 +0200
>
>Hi Sandy,
>
>I'm sure Simon's response is correct, but I think there is a way you can
>get the behaviour you want.
>
>The problem is that the *browser* knows it has an SSL document so gets
>frightened when it sees a reference to a normal non-SSL document inside.
>The trick is to fool the browser by re-writing the URL in the *server*.
>Try the following:
>
>- Make sure you have mod_rewrite installed in your server (./httpd -l
>will show what modules you have).
>
>- In the SSL document, refer to your images like this:
>
><IMG SRC=/non_ssl_images/my_image.gif>
>
>- In the SSL VirtualHost, add the directives:
>
> RewriteEngine On
> RewriteLog logs/rewrite_log # These two are optional
> RewriteLogLevel 9 # (just for logging)
> RewriteRule ^/non_ssl_images/(.*) http://othersite.com/images/$1
>
>- Restart the server.
>
>Now what happens is:
>
>- The browser gets the SSL document and sees a ref to an image which is
>*apparently* under the SSL DocumentRoot.
>- So it is quite happy and requests "/non_ssl_images/my_image.gif".
>- But the Server now has a RewriteRule for "/non_ssl_images/" and so
>turns it into "http://othersite.com/images/my_image.gif".
>- The server parses the new URL and sends the image it finds there.
>- The browser gets the image and is happy to display it.
>
>I'm not sure if this is a loop-hole in the alleged "Security Feature"
>but it does seem to work (we've been using it for quite some time!) One
>funny thing is that the browser does seem to be aware that the URL has
>been re-written because if you right-click "View Image" on the image, it
>appears with its proper "http:" URL. However, this doesn't seem to
>bother it...
>
>Best of Luck,
>
>Owen Boyle.
>
>--
>SWX Swiss Exchange, 10 Cours de Rive, 1211 Geneve 3
>--------------------------+-------------------------
>Phone: +41 (0)22 849 5648 | Fax: +41 (0)22 849 5643
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
