Closed GoogleCodeExporter closed 9 years ago
GoogleCodeExporter
commented
9 years ago Make sure you have configured the directories for your images and style sheets
in this module's configuration section with the secure attribute set to
"Ignore".
...
<add path="~/images" secure="Ignore" />
<add path="~/styles" secure="Ignore" />Original comment by vent...@gmail.com on 22 Jun 2011 at 9:52
GoogleCodeExporter
commented
9 years ago I did that and what I see in firefox using firebug is that for the css i get
the message as "Failed to load source for
:http://<ipaddress>:443/..../style.css"
Is there anything I am missing ?Original comment by vprathyu...@gmail.com on 23 Jun 2011 at 9:00
GoogleCodeExporter
commented
9 years ago May I see your configuration for this module (with deleted sensitive
information)? I will try to reproduce based on what I see. Thanks.Original comment by vent...@gmail.com on 24 Jun 2011 at 9:18
GoogleCodeExporter
commented
9 years ago Here is the config info.currently the web application is used with ipaddress
<configSections>
<section name="securitySwitch"
type="SecuritySwitch.Configuration.Settings,SecuritySwitch"/>
</configSections>
<securitySwitch mode="On">
<paths>
<add path="~/Resources/" secure="Ignore" />
<add path="~/CSS/style.css" secure="Ignore" />
<add path="~/JS/lib/" secure="Ignore"/>
<add path="~/JS/UI/" secure="Ignore"/>
</paths>
</securitySwitch>
<system.web>
<httpModules>
<add name="SecuritySwitch"
type="SecuritySwitch.SecuritySwitchModule,SecuritySwitch"/>
</httpModules>
</system.web>Original comment by vprathyu...@gmail.com on 27 Jun 2011 at 2:42
GoogleCodeExporter
commented
9 years ago Hi again.
With your current configuration, the module will try to redirect ALL requests
to HTTP (not secure) except for the 3 directories and 1 style sheet you have
listed. That means, you will never see a secure page with this setup. You'll
need to add at least one path that you want to be secured in order to allow an
HTTPS request. I suggest something like the following.
<securitySwitch mode="On">
<paths>
<add path="~/Login.aspx" />
<add path="~/Resources/" secure="Ignore" />
<add path="~/CSS/" secure="Ignore" />
<add path="~/JS/" secure="Ignore" />
</paths>
</securitySwitch>
Please, note how I've added an entry for the Login.aspx page to be secured (via
HTTPS) and I reduced your CSS and JS directories so anything requested in them
will be ignored.Original comment by vent...@gmail.com on 28 Jun 2011 at 12:07
GoogleCodeExporter
commented
9 years ago Thanks for the response. I tried the way you mentioned but I think the problem
is that the host header is adding 443 which is a default port for SSL to the
url and it shows as http://ipaddress:443/CSS/style.css which conflicts with
actual URL(https://ipaddress/CSS/style.css. The fiddler clearly shows that.
Is there a way I can debug and see if the dll is working correctly ?
Original comment by vprathyu...@gmail.com on 28 Jun 2011 at 8:56
GoogleCodeExporter
commented
9 years ago I would expect it to still use HTTPS even if the 443 port was being added to
the URL. You are reporting that it is still showing http://, which I find odd.
Is there a proxy server or certificate server in play here?
You could try adding the baseInsecureUri and baseSecureUri attributes to your
securitySwitch section to aid the module with the correct URL.
<securitySwitch baseInsecureUri="http://ipaddress"
baseSecureUri="https://ipaddress:443">
...
</securitySwitch>
If you still need to debug this module, you can load the source solution for
Security Switch into Visual Studio and use remote debugging on the website, or
attach to the local process (if running locally).Original comment by vent...@gmail.com on 28 Jun 2011 at 9:16
GoogleCodeExporter
commented
9 years ago I tried using the baseSecureUri and baseInsecureUri but still no affect. Now my
question is there a way I can see that the dll is in use.For ex any kind of
logs or something by which I will know whats happening. The problem I see now
is that I am getting a message in fiddler as Protocol violation error in
Fiddler as below. Hope you can give some insight on this.
11:00:37:6114 Fiddler Running...
11:01:55:8949 Fiddler.Network.ProtocolViolation - [#39] Request's Host header
does not match Host specified in URI.
URL Host: ipaddress < xxx.xxx.xx.xxx>
Header Host: ipaddress < xxx.xxx.xx.xxx>:443
11:14:51:0772 [Fiddler] Failed to read HTTP request from (avp:10700) new client
socket, port 59328.
11:15:56:1179 [Fiddler] Failed to read HTTP request from (avp:10700) new client
socket, port 59359.
11:34:12:0256 [Fiddler] Failed to read HTTP request from (avp:10700) new client
socket, port 59566.
11:39:03:3693 [Fiddler] Failed to read HTTP request from (avp:10700) new client
socket, port 59858.
11:40:03:4407 [Fiddler] Failed to read HTTP request from (avp:10700) new client
socket, port 59898.
11:45:55:5958 fiddler.network.readresponse.failure> Session #591 raised
exception Unable to read data from the transport connection: An established
connection was aborted by the software in your host machine.
11:52:48:1204 Fiddler.Network.ProtocolViolation - [#639] Request's Host header
does not match Host specified in URI.
Original comment by vprathyu...@gmail.com on 30 Jun 2011 at 6:18
GoogleCodeExporter
commented
9 years ago If your requests are attempting to redirect, the module is in use. It sure
seems like something else is going on with Fiddler reporting request via ports
in the 59000 range.
I suggest disabling the module altogether (mode="Off") and see if you still
have issues with the site.Original comment by vent...@gmail.com on 8 Jul 2011 at 2:59
GoogleCodeExporter
commented
9 years ago Closing after no further communication.Original comment by vent...@gmail.com on 5 Nov 2011 at 3:59
Original issue reported on code.google.com by
vprathyu...@gmail.comon 22 Jun 2011 at 7:48