Blank.htm and HTTPS

Poster: shuff19
Dated: Tuesday August 26 2003 - 17:51:57 BST

Andy,

Just wondering if Version 5 is going to address the https problem, with having to add blank.html to the root of the server?

The reason I ask is my system administrator is informing me we are getting 25,000 requests (hits a day) on blank.html, while the site itself is only receiving about 5,000 a day. This means for every page that loads, it is calling blank.htm about 5 times.

Leaving blank.html out is not an option for us either due to everyone getting secure/non-secure errors when the blank.html is not present.

Any better work around on the horizon??

Poster: Hergio
Dated: Tuesday August 26 2003 - 20:50:54 BST

Hey Shuff, I just answered a question almost exactly like yours in a post to the version 3 forum. I won't explain it again here but as far as I can see, its necessary so far. Its a browser thing since it wants things to stay as secure as possible. Take a look at http://www.milonic.com/forum/viewtopic.php?t=2365 and see what you think. Maybe if you see why it needs to do it, you guys can think up a workaround for your situation.

Poster: shuff19
Dated: Tuesday August 26 2003 - 21:20:51 BST

Thanks Hergio.

I will investigate it more, but for now, your right on the money.
I have included the url that describes this issue. Microsofts answer:

http://support.microsoft.com/default.aspx?scid=kb;en-us;261188

Poster: Hergio
Dated: Thursday August 28 2003 - 13:19:51 BST

I look at it like this...if Microsoft did it to be more secure, then great. Because I would much rather them do it for the sake of security then make life easier for us.

Poster: Maz
Dated: Saturday August 30 2003 - 17:07:06 BST

What if you are not using a secure server, do you still need the blank?
Or does it still make the site secure in other ways?

Poster: Hergio
Dated: Sunday August 31 2003 - 18:24:08 BST

No if you are not using https, it never goes into the section of menu code that calls upon blank.htm. SO if you dont use https (SSL) then dont worry about.

Poster: Maz
Dated: Monday September 1 2003 - 2:00:33 BST

Dave,
I like your answer,
thank you!
maz

blank.html in root not working for me - need alternative

Poster: bholder
Dated: Tuesday May 18 2004 - 13:31:13 BST

i need to find an alternative to placing blank.html in the root of our site - i tried this and it seemed to work initially but has stopped working and is prompting users to download insecure items.

can you possibly tell me how to alter the src attribute of the iframe in the milonic source code? our site is running on a custom cms that pushes invalid requests to the homepage of the site, and i suspect that a request for blank.html is being handled this way and thus causing the problem.

thanks!

Poster: Andy
Dated: Wednesday May 19 2004 - 9:23:54 BST

Hi,

You could try adding the following code to the top of your datafile



This means that the menu will not use any potentially insecure items.

Hope this helps
Andy

Poster: bholder
Dated: Wednesday May 19 2004 - 13:07:18 BST



hi andy - thanks for responding - i just tried this and it doesn't appear to solve the problem - still prompts for downloading insecure items when i switch over to ssl.

i still think that the src attrib of the iframe loading the menu is the culprit - i hesitate to change the src code for the menu unless advised by you guys - just don't want to mess anything up.

any other ideas? this is really a hot issue for us at the moment b/c it is affecting a reservation booking engine we are running securely on our site.

thanks!

Poster: John
Dated: Wednesday May 19 2004 - 14:01:52 BST


Continue to hesitate! Changing anything in the menu code (other than _data, of course) will void all support functions.

This is probably a little hokey, but I have a few similar situations here. To get around it I simply copied the offending items (typically graphics) into a directory on the secure site. No more problems. I suspect my apps are not as big as yours and this may not be practical, but it does work.

Poster: Andy
Dated: Wednesday May 19 2004 - 14:07:14 BST



There must be something else at fault then. have you tried your page without the menu? Does the message still appear after the menu has been removed.

Also, Which version are you using?

And, can we see your website or is it too secure?

Cheers
Andy

Poster: bholder
Dated: Wednesday May 19 2004 - 16:29:52 BST



yes i have tried this and it works fine without the menu.



Version 5.18 - we just ordered the menu last week.



yes, it is a public facing website - however, at the moment we are battling the bobax virus and have had to shut down external access to our web cluster.

you may try later to access the site, but i have no eta of when our systems will be back online. it's a bad day for our engineers

the url to one specific page that switches over to ssl is http://www.south-seas-resort.com/index. ... esortgifts

thanks!

Poster: John
Dated: Wednesday May 19 2004 - 16:41:18 BST

That page does switch over to SSL but never finishes loading. Down towards the bottom of what I did get, right in the middle of a table, it decided to start throwing in some JS!

Poster: Andy
Dated: Wednesday May 19 2004 - 16:42:06 BST

Let us know when we can reach the site and we'll take a look, it's probably something silly and should be an easy fix. Once we know what it is that is.

Version 5.18 should be fine, I tested it earlier today on our dev server and it didn't complain. Unfortunately, we don't run SSL on milonic.com so can't show you.

Anyways, keep us posted and we'll do what we can.

Cheers
Andy

Re: blank.html in root not working for me - need alternative

Poster: kevin3442
Dated: Wednesday May 19 2004 - 17:43:16 BST


What changed on your site between the time that blank.html did it's job and when it didn't?

Kevin

Poster: bholder
Dated: Wednesday May 19 2004 - 18:36:43 BST



you should be able to access the site now - thanks for your help!

Re: blank.html in root not working for me - need alternative

Poster: bholder
Dated: Wednesday May 19 2004 - 18:39:41 BST



nothing that i'm aware of - it's hard to keep track of everything that goes on in the web cluster - all i know is that it worked for a couple of hours fine, then it seemed to stop working - mind you, our load balancer manages all the ssl certificates so i'm not sure if something changed there, but i will check.

thanks!

Poster: bholder
Dated: Wednesday May 19 2004 - 19:49:37 BST

ok - this is embarrassing, but i figured out what the problem was, and what i expect happend to make the blank.html workaround stop working.

our designer replaced an animated gif with embedded flash at some point after i implemented the blank.html solution - the flash was using a codebase reference with http:// in it which when changed to https:// works without prompting the user to dl insecure items. aaaargh!

thanks for all your help though!

Poster: kevin3442
Dated: Wednesday May 19 2004 - 21:58:43 BST

Hmmmm... so I wonder why the page wrked OK when you removed the menus?

Be kind to your designer, for he knew not what he did.

Glad it works.

Kevin