strange ie6 ssl bug

Peter Baumgartner

Dec 14, 2007, 9:46:39 AM
to satchm...@googlegroups.com
I'm scheduled to go live with my first Satchmo store today and
discovered an IE6 bug late in the game.

It generates a bogus message about being redirected to a page that
isn't secure during checkout. This is the only reference I found that
sounds similar http://www.billrowell.com/2007/09/07/weird-ie6aspnet-ssl-bug/
but the solution doesn't seem to apply here.

The site doesn't have DNS pointed to it yet, but I'd like to get this
fixed before it does. If anybody thinks they can help with a solution,
please contact me off list. I'd be happy to pay for your time. Once we
get it fixed, I'll post the solution back to the list for posterity.

Thanks for your help,
Pete

Chris Moffitt

Dec 14, 2007, 10:26:56 AM
to satchm...@googlegroups.com
Can you tell us a little bit more about your server setup? Apache, Lighttpd, Nginx, etc.?

-Chris

Peter Baumgartner

Dec 14, 2007, 10:41:52 AM
to satchm...@googlegroups.com
Sorry, yeah
Nginx frontend, proxying django requests to mod_python

Chris Moffitt

Dec 14, 2007, 10:48:05 AM
to satchm...@googlegroups.com
Take a look at this link -

http://www.satchmoproject.com/trac/wiki/InstallationHints

Does this apply?

-Chris

Peter Baumgartner

Dec 14, 2007, 10:48:31 AM
to satchm...@googlegroups.com
Here's a relevant snippet from the Nginx access log:

x.x.x.x - - [14/Dec/2007:02:45:26 -0700] "POST /shop/checkout/ HTTP/1.1" 302 0 "https://mydomain.com/shop/checkout/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
### IE6 Security Alert[1] happens here
x.x.x.x - - [14/Dec/2007:02:45:33 -0700] "GET /shop/checkout/credit/ HTTP/1.1" 301 185 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

[1] "You are about to be redirected to a connection that is not secure.
The information you are sending to the current site might be
retransmitted to a nonsecure site. Do you wish to continue?"

Peter Baumgartner

Dec 14, 2007, 10:55:21 AM
to satchm...@googlegroups.com
I wrote that hint :)
I have it in place like that right now. I shouldn't be hitting that
redirect because I am on an https page posting to an https page and
redirecting to an https page. The redirect only applies if you are
trying to access an http page.

I'm stumped...

Peter Baumgartner

Dec 14, 2007, 6:15:23 PM
to satchm...@googlegroups.com
With the help of some people much smarter than I, I finally got this worked out.

Turns out that quick Nginx rewrite was the issue. It works in all
browsers, but causes the bogus security alert in IE6 only.

I ended up running both SSL and non-SSL Apache and Nginx hosts (before
SSL Nginx forwarded to non-SSL Apache). Then I enabled Satchmo's SSL
middleware and then had to restart my Apache server to get it to take.

Weird one for sure...
Hope this helps someone else out :)

--
Pete
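
The access-log pattern from the earlier post, as an added example that is not part of the original thread: a check that flags a 302 answered to an https-referred request when the same client's next request is answered with a 301, which is the sequence Pete traced to the Nginx rewrite. It assumes the combined log format shown in that post; the y.y.y.y entries are constructed as a control, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Combined log format, as in the access-log excerpt quoted in the thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# First two entries are from the post (wrapped lines joined). The y.y.y.y
# entries are constructed: a redirect target served directly with 200.
SAMPLE_LOG = """\
x.x.x.x - - [14/Dec/2007:02:45:26 -0700] "POST /shop/checkout/ HTTP/1.1" 302 0 "https://mydomain.com/shop/checkout/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
x.x.x.x - - [14/Dec/2007:02:45:33 -0700] "GET /shop/checkout/credit/ HTTP/1.1" 301 185 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
y.y.y.y - - [14/Dec/2007:02:50:00 -0700] "POST /shop/checkout/ HTTP/1.1" 302 0 "https://mydomain.com/shop/checkout/" "Mozilla/5.0 (constructed)"
y.y.y.y - - [14/Dec/2007:02:50:01 -0700] "GET /shop/checkout/credit/ HTTP/1.1" 200 5120 "https://mydomain.com/shop/checkout/" "Mozilla/5.0 (constructed)"
"""

def parse(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_redirect_bounces(log_text, window=timedelta(seconds=60)):
    """Return (first, second) pairs: a 302 answered to an https-referred
    request, followed by the same client's next request getting a 301."""
    pending = {}  # (ip, user agent) -> last 302 seen on an https-referred request
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["ua"])
        prev = pending.pop(key, None)
        if prev and rec["status"] == "301" and rec["time"] - prev["time"] <= window:
            hits.append((prev, rec))
        if rec["status"] == "302" and rec["referer"].startswith("https://"):
            pending[key] = rec
    return hits
```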

Chris Moffitt

Dec 14, 2007, 9:42:58 PM
to satchm...@googlegroups.com
Glad you figured it out.

Once you get the new site up and running, let me know and I'll be happy to add it to the front page list of current Satchmo sites.

-Chris

Cliff Wells

Dec 18, 2007, 2:35:48 PM
to satchm...@googlegroups.com
On Fri, 2007-12-14 at 16:15 -0700, Peter Baumgartner wrote:
> With the help of some people much smarter than I, I finally got this worked out.
>
> Turns out that quick Nginx rewrite was the issue. It works in all
> browsers, but causes the bogus security alert in IE6 only.
>
> I ended up running both SSL and non-SSL Apache and Nginx hosts (before
> SSL Nginx forwarded to non-SSL Apache). Then I enabled Satchmo's SSL
> middleware and then had to restart my Apache server to get it to take.

You could simplify this setup quite a bit (and save quite a few
resources) by using Nginx proxied to wsgiserver rather than Nginx
proxied to Apache+mod_python.

http://www.xhtml.net/scripts/Django-CherryPy-server-DjangoCerise

Incidentally, I followed this recipe but substituted the wsgiserver from
CherryPy 3 without issue.

Regards,
Cliff


Peter Baumgartner

Dec 21, 2007, 1:31:32 AM
to satchm...@googlegroups.com
>
> You could simplify this setup quite a bit (and save quite a few
> resources) by using Nginx proxied to wsgiserver rather than Nginx
> proxied to Apache+mod_python.
>
> http://www.xhtml.net/scripts/Django-CherryPy-server-DjangoCerise
>
> Incidentally, I followed this recipe but substituted the wsgiserver from
> CherryPy 3 without issue.
>


OK, since this is the second time you've brought this up to me, I'll bite :)

How is CherryPy more simple than Apache/mod_python?
Have you done or seen any speed and concurrency benchmarks of your
setup vs. Apache/mod_python?

Apache/mod_python is rock solid for me and is nearly trivial to add
virtual hosts after the initial setup. It is also _the_ recommended
way of serving Django.

I'd love to see some hard facts as to why I should switch though.

--
Pete
