Blank.htm and HTTPS

[shuff19]

Andy,

Just wondering if Version 5 is going to address the https problem, with having to add blank.html to the root of the server?

The reason I ask is my system administrator is informing me we are getting 25,000 requests (hits a day) on blank.html, while the site itself is only receiving about 5,000 a day. This means for every page that loads, it is calling blank.htm about 5 times.

Leaving blank.html out is not an option for us either due to everyone getting secure/non-secure errors when the blank.html is not present.

Any better work around on the horizon??

[Hergio]

Hey Shuff, I just answered a question almost exactly like yours in a post to the version 3 forum. I won't explain it again here but as far as I can see, its necessary so far. Its a browser thing since it wants things to stay as secure as possible. Take a look at http://milonic.com/forum/viewtopic.php?t=2365 and see what you think. Maybe if you see why it needs to do it, you guys can think up a workaround for your situation.

[shuff19]

Thanks Hergio.

I will investigate it more, but for now, your right on the money.
I have included the url that describes this issue. Microsofts answer:

http://support.microsoft.com/default.as ... -us;261188

[Hergio]

I look at it like this...if Microsoft did it to be more secure, then great. Because I would much rather them do it for the sake of security then make life easier for us.

[Maz]

What if you are not using a secure server, do you still need the blank?
Or does it still make the site secure in other ways?

[Hergio]

No if you are not using https, it never goes into the section of menu code that calls upon blank.htm. SO if you dont use https (SSL) then dont worry about.

[Maz]

Dave,
I like your answer,
thank you!
maz

[bholder]

i need to find an alternative to placing blank.html in the root of our site - i tried this and it seemed to work initially but has stopped working and is prompting users to download insecure items.

can you possibly tell me how to alter the src attribute of the iframe in the milonic source code? our site is running on a custom cms that pushes invalid requests to the homepage of the site, and i suspect that a request for blank.html is being handled this way and thus causing the problem.

thanks!

[Andy]

Hi,

You could try adding the following code to the top of your datafile

Code: Select all

_CFix=true

This means that the menu will not use any potentially insecure items.

Hope this helps
Andy

[bholder]

Hi,

You could try adding the following code to the top of your datafile

Code: Select all

_CFix=true

This means that the menu will not use any potentially insecure items.

Hope this helps
Andy

hi andy - thanks for responding - i just tried this and it doesn't appear to solve the problem - still prompts for downloading insecure items when i switch over to ssl.

i still think that the src attrib of the iframe loading the menu is the culprit - i hesitate to change the src code for the menu unless advised by you guys - just don't want to mess anything up.

any other ideas? this is really a hot issue for us at the moment b/c it is affecting a reservation booking engine we are running securely on our site.

thanks!

[John]

i hesitate to change the src code for the menu unless advised by you guys - just don't want to mess anything up.

Continue to hesitate! Changing anything in the menu code (other than _data, of course) will void all support functions.

any other ideas? this is really a hot issue for us at the moment b/c it is affecting a reservation booking engine we are running securely on our site.

This is probably a little hokey, but I have a few similar situations here. To get around it I simply copied the offending items (typically graphics) into a directory on the secure site. No more problems. I suspect my apps are not as big as yours and this may not be practical, but it does work.

[Andy]

i just tried this and it doesn't appear to solve the problem

There must be something else at fault then. have you tried your page without the menu? Does the message still appear after the menu has been removed.

Also, Which version are you using?

And, can we see your website or is it too secure?

Cheers
Andy

[bholder]

have you tried your page without the menu? Does the message still appear after the menu has been removed.

yes i have tried this and it works fine without the menu.

Also, Which version are you using?

Version 5.18 - we just ordered the menu last week.

And, can we see your website or is it too secure?

yes, it is a public facing website - however, at the moment we are battling the bobax virus and have had to shut down external access to our web cluster.

you may try later to access the site, but i have no eta of when our systems will be back online. it's a bad day for our engineers

the url to one specific page that switches over to ssl is http://www.south-seas-resort.com/index. ... esortgifts

thanks!

[John]

That page does switch over to SSL but never finishes loading. Down towards the bottom of what I did get, right in the middle of a table, it decided to start throwing in some JS!

[Andy]

Let us know when we can reach the site and we'll take a look, it's probably something silly and should be an easy fix. Once we know what it is that is.

Version 5.18 should be fine, I tested it earlier today on our dev server and it didn't complain. Unfortunately, we don't run SSL on milonic.com so can't show you.

Anyways, keep us posted and we'll do what we can.

Cheers
Andy

[kevin3442]

i need to find an alternative to placing blank.html in the root of our site - i tried this and it seemed to work initially but has stopped working...

What changed on your site between the time that blank.html did it's job and when it didn't?

Kevin

[bholder]

Let us know when we can reach the site and we'll take a look, it's probably something silly and should be an easy fix. Once we know what it is that is.

you should be able to access the site now - thanks for your help!

[bholder]

What changed on your site between the time that blank.html did it's job and when it didn't?

nothing that i'm aware of - it's hard to keep track of everything that goes on in the web cluster - all i know is that it worked for a couple of hours fine, then it seemed to stop working - mind you, our load balancer manages all the ssl certificates so i'm not sure if something changed there, but i will check.

thanks!

[bholder]

ok - this is embarrassing, but i figured out what the problem was, and what i expect happend to make the blank.html workaround stop working.

our designer replaced an animated gif with embedded flash at some point after i implemented the blank.html solution - the flash was using a codebase reference with http:// in it which when changed to https:// works without prompting the user to dl insecure items. aaaargh!

thanks for all your help though!

[kevin3442]

Hmmmm... so I wonder why the page wrked OK when you removed the menus?

Be kind to your designer, for he knew not what he did.

Glad it works.

Kevin