geekrich Posted January 11, 2012 Share Posted January 11, 2012 (edited) Hello everyone, I'm new to this forum. I am sorry if i posted this in the wrong section. Recently i started a web hosting company, bought dedicated IP, SSL and WHMCS monthly rental. Once I installed my WHMCS, i'm now getting the SSL as a red- crosses https in chrome when accessing the client area. But the admin area is working fine in SSL. We all know that it means the https is not secure. I read the page source (once the page is loaded) and found no error in that. All the URLs seems to be just relative pal. They are not absolute path. Further, the WHMCS is not integrated with the site design. its still simply the same design I'm totally struck. Please help me. The URL to my whmcs is https://samrixe.com/billing For the ease assistance i have made the https as default in the configuration. Thanks in advance. Edited January 11, 2012 by geekrich 0 Quote Link to comment Share on other sites More sharing options...
laudenbachm Posted January 11, 2012 Share Posted January 11, 2012 It looks like you have fixed the issue. Some pages are not designed to be served over SSL due to external code. Its best not to force SSL on it, but have it installed and allow WHMCS to control what it serves in SSL. Mark 0 Quote Link to comment Share on other sites More sharing options...
christofire Posted January 18, 2012 Share Posted January 18, 2012 I see the SSL warning in Chrome (Mac) with the details of: "Your connection to samrixe.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page." I'm having the same issue where only chrome is reporting a problem. Oddly, I opened just the logo in a new tab, which is located in the whmcs template files and I see the same error. As only that one image file is presented and I see the same error, and as geekrich is using the default template, it seems unrelated to the template at all. 0 Quote Link to comment Share on other sites More sharing options...
bear Posted January 18, 2012 Share Posted January 18, 2012 I read the page source (once the page is loaded) and found no error in that. All the URLs seems to be just relative pal. Relative links in that page are apparently being called insecurely because of this in the document head: <base href="http://www.samrixe.com/billing/" /> (note the "http") A base HREF is used to declare the path to be appended to relative URIs instead of using the default which is to base it on where it's called from. 0 Quote Link to comment Share on other sites More sharing options...
m8internet Posted January 18, 2012 Share Posted January 18, 2012 Relative links in that page are apparently being called insecurely because of this in the document head: <base href="http://www.samrixe.com/billing/" /> Other way round, that is an absolute URL However the visitor can ignore the warning by setting the permission for mixed content within the browser and it is required for some websites (such as enom) 0 Quote Link to comment Share on other sites More sharing options...
bear Posted January 18, 2012 Share Posted January 18, 2012 Other way round, that is an absolute URL You're mistaken, or possibly misinformed. That is a base href, used for declaring what point relative URIs should start at. http://www.w3schools.com/tags/att_base_href.asp 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted January 18, 2012 Share Posted January 18, 2012 You can probably fix this by changing the base href to be protocol agnostic. I'm pretty sure this is valid for base href. <base href="//www.samrixe.com/billing/" /> 0 Quote Link to comment Share on other sites More sharing options...
bear Posted January 18, 2012 Share Posted January 18, 2012 You can probably fix this by changing the base href to be protocol agnostic. I'm pretty sure this is valid for base href. Though I haven't tested, the RFC seems to indicate otherwise. http://www.ietf.org/rfc/rfc1808.txt RFC 1808 Relative Uniform Resource Locators June 1995 <scheme>://<net_loc>/<path>;<params>?<query>#<fragment> each of which, except <scheme>, may be absent from a particular URL. These components are defined as follows (a complete BNF is provided in Section 2.2): scheme ":" ::= scheme name, as per Section 2.1 of RFC 1738 [2]. "//" net_loc ::= network location and login information, as per Section 3.1 of RFC 1738 [2]. "/" path ::= URL path, as per Section 3.1 of RFC 1738 [2]. ";" params ::= object parameters (e.g., ";type=a" as in Section 3.2.2 of RFC 1738 [2]). "?" query ::= query information, as per Section 3.3 of RFC 1738 [2]. "#" fragment ::= fragment identifier. 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted January 18, 2012 Share Posted January 18, 2012 Ah, yeah, I wasnt sure if it was valid or not, I know you can do it with href/src/etc links. 0 Quote Link to comment Share on other sites More sharing options...
And then there was one les Posted March 18, 2013 Share Posted March 18, 2013 from what i can make out there that isnt sayign it isnt RFC standard. I would say <base href="http://somesite.com/"> on a secure page would be none standard. it makes sense to me at least that a secure page would require a secure base. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.