File Upload into media library is not working with https

Eric Kyaw asked on July 24, 2017 06:34

Hi,

Kentico 10 is installed and configured. HTTP is configured in IIS servers (Kentico Web servers) however HTTPS is not configured. In front of web servers, there is an elastic load balancer (AWS ELB) which will load balance the traffic and translate incoming http or https to http and then pass it to kentico web server. If user use http protocol, everything is working fine. If user use https protocol, all are working fine except upload file into media library is not working. It is because browser block it as "Block:Mixed Content" and it is using http to "MultiFileUpload.ashx" instead of https.

May I know if I miss any setting to be configured for above?

Regards, Eric Kyaw

Recent Answers

Bryan Soltis answered on July 24, 2017 15:01

I'm not positive this is the case, but this is how I see it: The most likely cause I think could be that the file upload process is a separate thread to the web server. If that's the case, then the load balancer would get the initial web request, which it's routing to HTTP. The file upload request, is generated by the web server to itself, which is not going through the load balancer, but rather resolving on the machine, and most likely, staying on HTTPs. Your browser is then getting 2 responses, one from the web server for the initial request, and one for the file upload.

I suspect that these have different headers because of how the load balancer is manipulating the request from HTTPS to HTTP, and that is where the issue is. Anytime your browsers receives content from mixed protocols (HTTPS + HTTP), it will warn you because that is a very common phishing attack that hackers will use.

I would think the simplest solution would be to configure the IIS server for HTTPS and test.

1 votesVote for this answer Mark as a Correct answer

Eric Kyaw answered on July 25, 2017 03:38

Thank Bryan Soltis for the reply. I will test it and get back to you the result.

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on July 27, 2017 10:25

Hi Eric,
You need to configure the SSL accelerator in Kentico in this case so Kentico knows about the SSL termination at the load balancer.

0 votesVote for this answer Mark as a Correct answer

Chippewa Valley Tech College answered on August 23, 2018 16:34 (last edited on August 23, 2018 16:35)

We experienced this issue as well.

0 votesVote for this answer Mark as a Correct answer

Joshua Myers answered on August 23, 2018 16:35

This is a bit of a "hack" solution, but it got me back on my feet.

FILE: /CMSAdminControls/MultiFileUploader/MultiFileUploader.ascx.cs
LINE: 387
OLD: return URLHelper.GetAbsoluteUrl(url);
NEW: return URLHelper.GetAbsoluteUrl(url).Replace("http://", "https://");

This overwrote the HTTP to HTTPS and the uploads worked as expected.

1 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.