Mobile app version of vmapp.org
Login or Join
XinRu657

: Rewrite external HTTP resource links to proxied HTTPS using Apache/PHP First off, disclaimer... I know what I'm asking for is against specification and recommendation but the boss wants it done.

@XinRu657

Posted in: #Https #Proxy

First off, disclaimer... I know what I'm asking for is against specification and recommendation but the boss wants it done. Having said that...

I'm the person responsible for a Moodle installation (open-source Learning platform), which is written in PHP, and served out using Apache on a Debian server. I was a Good Person™, and setup the site to serve itself out using HTTPS with our security certificates. This works great.

Next, the teachers get on and start uploading courses from a repository hosted by another company. That company's website only has HTTP, and refuses to add HTTPS capabilities, even with free certificates. The content is trying to load various images and iframes over HTTP, while the rest of the site is HTTPS; therefore, the user just sees big blank boxes on many courses.

To rectify this, I have been told to either turn off the security so our users won't complain about missing content (meanwhile, I'll get shamed by browsers), or else proxy the HTTP requests through the server so they load. I like technical solutions, so let's look at that.

I tried using Apache's SUBSTITUTE mod, but I could not get the effect I wanted. I wanted to replace src=http://badinsecureurl.com/... with src=https://myserver.issecure.com/proxy.php?http://badinsecureurl.com/..., but I couldn't get this working. As a test of the SUBSTITUTE module, I tried replacing div with vid. It did not change the contents, even after restarting Apache.

I'm assuming this is an issue in PHP. While I'd love to have a technical solution, the end-all goal is that users can click on courses, and see information linked from other sites showing up properly - whether the iframes load content from HTTP, or it somehow gets tricked into thinking it's HTTPS. I have control of my own server, but not the clients accessing the website, nor the remote server hosting random images required for the courses.

10% popularity Vote Up Vote Down


Login to follow query

More posts by @XinRu657

0 Comments

Sorted by latest first Latest Oldest Best

Back to top | Use Dark Theme