Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

New IE7 secuirty settings affecting 'legit' SSL method.

Jul 8, 2008 12:32AM PDT

(This is a re-post, I first asked this on the browser forum)

For years we've been using an apache re-write to give users of our site the ease of entering 'http://www.domain.com' and directing them to our secure site 'https://secure.domain.com/rest_of_url'

No problems, and from what documentation I've found on-line, this is more or less industry standard practice.

But with IE7 I'm getting complains from users being asked about the warning window 'The current Web page is trying to open a site in your Trusted sites list'

It no good for me to tell each and every user (its a public site with many thousands of hits a day) to modify their internet security settings. That not the way to keep business.

Goggling has only pointed out ways to turn of that warning from the user level, but I've not found any other 'best practice' for web masters. The one link I found on Microsoft said something about redesigning the site so that all parts are at the same 'security level' which is useless as the whole ideas was to help the users switch from unsecured to secure. Making them type in a secure version of the URL from the beginning is hardly helpful.

Any idea?

Discussion is locked

- Collapse -
Sadly, you are stuck.
Jul 8, 2008 12:36AM PDT

To get around this would mean Microsoft didn't implement the security fix proper. I've looked into this and let's sum it up as "you're hosed."

Bob

- Collapse -
Best bet
Jul 8, 2008 2:52AM PDT

is to put a small notice on the website "If you're seeing a pop-up message etc etc, click here to learn how to remove it." or something like that.

~Sovereign