1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Https and SSL

Discussion in 'XenForo Questions and Support' started by OldCoals, Nov 20, 2014.

  1. OldCoals

    OldCoals Active Member

    Have I understood this correctly?

    If I install an SSL certificate and enable the image proxying that will take care of any issue regarding loading images outside of the secure area?
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Yes.

    You will also need to implement an .htaccess redirect - see the FAQ in my signature for that.
     
    OldCoals likes this.
  3. OldCoals

    OldCoals Active Member

    So install the cert, enable image proxy add this code.

    Code:
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Job done.

    Thanks Brogan!
     
  4. Gene Steinberg

    Gene Steinberg Well-Known Member

    OK, I enabled image proxy.

    I added the code in the /forum folder.

    I enabled HTTPS everywhere I can see to enter it in your setup. I fixed it in logo link, links to ads that I can control, etc., etc.

    I have a proper SSL (www.theparacast.com/forum). But the lock box only shows in the admin area.

    So what do I do next?
     
  5. Brogan

    Brogan XenForo Moderator Staff Member

    It shows fine for me.

    upload_2014-12-2_23-52-38.png
     
  6. Gene Steinberg

    Gene Steinberg Well-Known Member

    OK, in Firefox and Chrome, current versions.

    Opera wants to block "insecure content" unless I agree to allow.

    Latest Safari (I can't tell you how late) on Mac doesn't show lock, nor does Safari for IOS 8.1.1 on my iPhone.
     
  7. Brogan

    Brogan XenForo Moderator Staff Member

    It's probably something to do with the ad scripts you are running.

    upload_2014-12-3_0-17-14.png
     
  8. Gene Steinberg

    Gene Steinberg Well-Known Member

    I fixed every internal link I could find that wasn't HTTPS, but I have no control over links to external sites for ads. So what does one do? Does this "mixed" message hurt traffic?
     
  9. Brogan

    Brogan XenForo Moderator Staff Member

    Well for a start there is little point in paying for an SSL cert if you're not going to implement it properly.

    Contact the ad providers and check whether that have an HTTPS compatible service.
     
  10. Gene Steinberg

    Gene Steinberg Well-Known Member

    Well, it was a 98 cent deal from Namecheap, so it's no huge loss. I did temporarily switch back to regular settings and will await further communication from ad providers.
     

Share This Page