I'm wondering if anyone has run into this. I have a site that the majority of content is run off the https secure server. My problem is in running banner ads they are all coming from insecure servers like affiliate programs, ad networks, etc... so when pages get loaded the secure/insecure box pops up. I'm trying to find alternative ways of dealing with this. I despise frames and don't really want to do that (and I'd have to have too many frames to cover all the banners). I really can't save copies of the banners on the server because of the ad network and affiliate program requirements.

One thought I had was to rewrite hunks of code in the ad banner program to retrieve the image, write it to a temp file on the server and then serve up that image and then I can clear out the old stuff via a cron script.

Anyone know of or using a creative way of dealing with this? Thx.

Hi,

You could use mod_proxy and mod_rewrite to do this I think.

You could make your banner ad links:

http://yoursite/banners/somecode

and then add in your httpd.conf:

<Location /banners/>
RewriteRule /banners/code1 http://affiliatenetwork/banenr.pl [L,P]
</Location>

so basically they make a request to your server under SSL, and then Apache fetches the banner and returns it to them. It does mean the IP the banner program sees will be your servers, and not the clients. This may have implications.

Hope this helps,

Alex
--
Gossamer Threads Inc.

Hm. Can you actually do this? Surely this opens the door to some security issues regarding 'faking' secure content?

- wil

I don't see why not:

1. You make a secure connection to https://site/banners/code1.
2. Apache gets this request, and it's handled by mod_rewrite with:

RewriteRule /banners/code1 http://anothersite/banner.pl

3. Apache uses mod_proxy to make a non secure request to banner.pl.
4. Apache returns you the content of the banner encrypted via SSL.

Cheers,

Alex
--
Gossamer Threads Inc.