According to Raymond J. Henry:
That would have been my next guess... :)
Next step is to see how to prevent it from accessing the page when going to http://hermes.manitobamall.net.
I think all you'd have to do is add the following to the .htaccess file...
<IfDefine HAVE_SSL> SSLRequireSSL SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ ) </IfDefine>
In addition, if you would like to have people redirected to the secure port, rather than just getting an error when they come in via http, you can add the following within the IfDefine tags...
<IfModule mod_rewrite.c> RewriteEngine on # For testing (logs a lot!): #RewriteLog /var/log/httpd/rewrite_log #RewriteLogLevel 9 # Rather than just deny non-SSL access, we'll redirect to https: # See http://www.apache.org/docs/misc/rewriteguide.html RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^/(.*) https://hermes.manitobamall.net/$1 [L,R] </IfModule>
We use a similar trick for our web-based mail software, to force the browsers to use SSL, to encrypt not only the passwords, but also the e-mail content itself.
The rewrite/redirect is much "friendlier" than just giving the users an error, IMHO.
Aren't computers fun? <G>
I think so! :)