HTTPS not 100% - can't find unsecured content; What's wrong?

[Pensive]

Quick setup overview:

 

portal.xxxxxx.com is runnign on linux, I have disabled my template and I am using the default to eliminate potential there. I have also disabled twitter in case thats the issue.

 

I have tried two different ways to enable HTTPS, currenlty I have nothing in my HTTPS url box, and http://portal.xxxxx.com in my http box in the setup, the rewrite is done with .htaccess with:

 

RewriteEngine On
Options +FollowSymlinks  

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

AuthName portal.xxxxxxx.com

# Announcements
RewriteRule ^announcements/([0-9]+)/[a-z0-9_-]+\.html$ ./announcements.php?id=$1 [L,NC]
RewriteRule ^announcements$ ./announcements.php [L,NC]

# Downloads
RewriteRule ^downloads/([0-9]+)/([^/]*)$ ./downloads.php?action=displaycat&catid=$1 [L,NC]
RewriteRule ^downloads$ ./downloads.php [L,NC]

# Knowledgebase
RewriteRule ^knowledgebase/([0-9]+)/[a-z0-9_-]+\.html$ ./knowledgebase.php?action=displayarticle&id=$1 [L,NC]
RewriteRule ^knowledgebase/([0-9]+)/([^/]*)$ ./knowledgebase.php?action=displaycat&catid=$1 [L,NC]
RewriteRule ^knowledgebase$ ./knowledgebase.php [L,NC]

 

 

Chrome still reports the following:

 

"your connection to portal.xxxxx.com is encrypted with 256bit encryption. However this page includes other resources which are not secure."

 

The only external links I can find are to wiki sites in my knowledgebase. Could this be the problem?

 

Any way to trace unsecure links within a site?

 

any help greatly appreciated.

[bear]

Simplest way is to search the source code of the live page for "http:". If you offer the link here, someone may be able to help locate this.

[Pensive]

Interesting; Prefer not to post the link if poss for security reasons;

 

Google chrome developer tools list the errors in the console, interestingly. It's all the template which is pointing to http links. I'm going to try creating a copy of the template with all https links in it, and I'll report back.

 

Unfortunately I had to remove the https:// url from the https:// section to get my rewrite to work, but it should be rewriting everything, including the template links, surely? I'll try hacking them out and come back.

 

If i return an HTTPS link to that box, I'll have to rework my .htaccess as I'll get a circular rewrite error.

[bear]

Prefer not to post the link if poss for security reasons;

Your ordering system link is a security risk to post publicly?

It's doubtful anyone here can help without being able to see the code, since it's likely something subtle within the rendered page.

[Pensive]

No, it's not that - its that other posts i might make on the forum can then be collated to gain information about my general configuration which could assist a hacker.

 

I will post it for now and remove it later;

 

<<removed by request>>

[Pensive]

Rather annoyingly, I have replaced "http" with "https" in the portal template, set both normal and https urls to "https://<<removed by request>>", and eliminated anything in the chrome log which would explain why I still have "unsecured content".

 

Still got unsecured content !!!!!

 

Firefox doesnt seem to find anything wrong ; IE9 doesnt seem to be able to tell me much, but chrome still fuinds an issue. Anyone got any ideas?

Edited October 8, 2010 by Pensive

[bear]

I've visited with Chrome, FF, Seamonkey and IE8, no errors with SSL reported.

[Pensive]

Hurray! guess my cache needed to clear itself - thanks bear.

[Pensive]

dammit - i can't edit my post - would you mind removing the link to my portal please?