[ic] Ask Jeeves frames - secure page issue

Jon Jensen jon at endpoint.com
Fri Aug 27 16:36:28 EDT 2004

On Fri, 27 Aug 2004, John1 wrote:

> It has been brought to our attention by one of our customers that if you get
> to our site via the UK Ask Jeeves search engine then when placing an order,
> the order page is not secure.  i.e.  rather than change to SSL mode the
> order page is a normal insecure page.
> This seemed an odd suggestion, but on investigation I found this was indeed
> the case!
> The problem is that when clicking on a UK Ask Jeeves link you are not
> redirected directly to the website.  Instead, the website is embedded as a
> frame within the UK Ask Jeeves site.  Basically you just get the AskJeeves
> banner across the top of your website.  Very annoying feature!  I tested
> www.ask.com and it seems that this does not employ the same "feature" - only
> www.ask.co.uk
> The URL looks something like this
> http://www.ask.co.uk/ix.asp?q=the+search+phrase&ac=SHOP...&url=www.ourdomain.com
> Anybody any ideas how to get round this - i.e. always make the order page
> secure even if the website is embedded as a frame in the AskJeeves website?
> Or better still, is there a way to bounce the page to the real website -
> i.e. force the frame to be removed?

The best way to force a page to be secure is to force it with 
AlwaysSecure and ExtraSecure in Interchange's catalog.cfg:


Then also have your webserver redirect any non-secure accesses to it to
the https equivalent. For Apache, use mod_rewrite:


You can use simple JavaScript code on your pages to break out of a frame:



Jon Jensen
End Point Corporation
Software development with Interchange, Perl, PostgreSQL, Apache, Linux, ...

More information about the interchange-users mailing list