Outlook 2013 & red x HTTPS images not displaying in HTML emails

I spent better part of an hour working on why Outlook 2013 would not properly display inline, linked email images.  I got the dreaded red “x”.


Backstory: I am working with a team to roll out an improved daily newsletter.  After trying Constant Contacts and Mailchimp, I was thoroughly impressed with Mailchimp.  For example, Constant Contacts did not have “smart tags” or “merge tags” as Mailchimp calls them.  In other words, with Mailchimp I can insert a PHP date code in the heading bar of my email template:

*|DATE:l \t\h\e jS \of F, Y|*

which every day generates a clean date that looks like:

Tuesday the 16th of June, 2015

Back on point: After setting up SPF and DKIM authentication with Mailchimp everything seemed smooth with one major catch: all the images were broken.  Mobile devices were fine.  Viewing the email in a browsers (IE & Chrome) were fine.  It was Outlook.

After searching and searching, I actually misread this post from Slipstick under “Encrypted page setting”.  A few minutes later I stumbled across this Microsoft KB article 30333864.  This immediately solved the issue after restarting Outlook.

Uncheck “Do not save encrypted pages to disk” and hit “Apply” and “OK”.


Ironically the MSDN blog has some caution on why NOT to enable this option.  We had enabled this option long ago via GPO due to HIPAA compliant web-based applications.  Now with Bitlocker and other supporting security, this is a risk-reward compromise.




Seafile HTTPS Install on Windows Server 2012 R2; Step-by-Step

A step-by-step tutorial on getting a functional Seafile Windows Server that does HTTP/HTTPS syncing (port 443 only) running on Windows Server 2012 R2 with IIS 8.5 and Seafile Windows Server 4.0.6.

I cannot provide screenshots for every step. I am only documenting what I did, what issues I encountered, and what was my final configuration.  These steps were based off of this post by Jeffrey Tay.

Step 1: Install Seafile Server for Windows. Specifically “Download and Setup Seafile Windows Server“.

Step 2: Install IIS. Courtesy to Jack Stromberg and this post which cover the install in brief. Make sure you can access the IIS default page at http://localhost/ to confirm IIS is running correctly.

Step 3: Install Application Request Routing (ARR) 3.0. Another post by Jack Stromberg covers the install. Download ARR 3.0 and follow steps 1-5 from Jack’s post under “Installing IIS Application Request Routing (ARR) 3”.

Step 4: (Optional) Generate and install your SSL certificate. I hesitate to make this optional, but please go get an SSL certificate. Self-signed certificates were problematic for me with Seafile and the hassle was not worth it.  A kudos to my hosting provider, EZPZ Hosting, who offers free, basic SSL certificates or Godaddy, or NameCheap, or Comodo; all work for a basic SSL certificate.

I’ll refer you to GoDaddy which has a simple write-up for generating the CSR Request and importing the certificate back into IIS. On the right side of the IIS Manager is where you launch the wizard to get the process started.

Step 3: Create your Seafile site. Create an empty directory for the “Physical path:” and select the “SSL certificate” that you created and imported in the prior step.  Note: the screenshot shows “Not selected”. This is where you select your imported certificate.

Step 5: Create a web.config file in the “Physical path:”. Note: other examples on the internet did not properly add the appendQueryString=”true” for both Seafile rules. The web.config first checks if HTTPS is being used, if not it redirects to HTTPS, then it checks to see if it is using the “seafhttp/” subdirectory and reverse proxies to, and lastly it reverse proxies everything else to

Download the following web.config file (which has clean indenting) or, using Notepad, copy and paste the following into a new web.confg file (Warning: make sure Notepad did not append .txt upon saving):

<?xml version="1.0" encoding="UTF-8"?>
 <location path="" overrideMode="Deny">
 <requestFiltering allowDoubleEscaping="true" />
 <clear />
 <rule name="Redirect to HTTPS" enabled="true" stopProcessing="true">
 <match url="(.*)" />
 <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
 <add input="{HTTPS}" pattern="^OFF$" />
 <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
 <rule name="seafilehttp" stopProcessing="true">
 <match url="seafhttp/(.*)" />
 <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
 <action type="Rewrite" url="{R:1}" appendQueryString="true" logRewrittenUrl="true" />
 <rule name="seafile" enabled="true" stopProcessing="true">
 <match url="(.*)" />
 <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
 <action type="Rewrite" url="http://localhost:8000/{R:1}" appendQueryString="true" logRewrittenUrl="true" />
 <preCondition name="ResponseIsHtml1">
 <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
 <httpErrors errorMode="DetailedLocalOnly" />

Step 6: Check “Enable Proxy” under AAR 3.0.  Refer to steps 1-6 courtesy of this article from Microsoft.

Step 7: Enable 2GB large uploads (30MB is the default) in IIS. Open an elevated/ Administrator command prompt and run:

c:\windows\system32\inetsrv\appcmd set config -section:requestFiltering -requestLimits.maxAllowedContentLength:2000000000

See Option 2 from this IPSWITCH knowledge base article.

Step 8: Make sure your Seafile config files are properly set.

In “seahub_settings.py” change and make sure you do not have a trailing “/” after seafhttp.

FILE_SERVER_ROOT = 'https://<your-domain-name>/seafhttp'

In “ccnet.conf” change the following and I have a trailing “/”

SERVICE_URL = https://<your-domain-name>

Step 7: Restart IIS, Seafile, and go test your new, secured, HTTP-sync-enabled Seafile server.

An easy way to test the IIS rewrite rules for seafhttp is trying the following two URLs; adding or removing the trailing “/”. I came across these debugging URLs from a Seafile support forum thread. It identified an error in my web.config that I posted above that was missing the trailing “seafhttp/”.


should return “Sorry, but the requested page could not be found.” with the typical Seafile login UI header and footer.


should return {“version”: 1} as text-only with no images.

Before trying HTTPS, make sure you can get HTTP working.  Once trying HTTPS, make sure your 2102R2 machine has the correct time.  It must be accurate for HTTPS.  Use NTP.

Here are a few supporting URLs that may be helpful in debugging HTTPS syncing:
Can’t download any file over mobile device
Seafile Protocol: Are ports 8082, 10001 and 12001 safe and/or necessary?
upgraded to new client (4.2.0) bad response 404 for protocol version
Problems using Seahub on non-root domain
Client always tries /seafhttp/protocol-version
Lighttpd rewrite issue (v1.4)

Enforcing HTTPS & WWW prefix with Apache .htaccess redirects using cPanel

First post is simple.  I wanted a simple way to enforce both HTTPS (TLS/SSL) and the WWW prefix while gracefully handling whatever the user enters.

I am not going to get into the age old debate.  Every domain admin must make the choice.  The combination of sub-domain DNS round-robin, cookies, and the that every non-technical user expects WWW, I chose to redirect to the WWW prefix.  The wrinkle was I also wanted to enforce HTTPS.  After searching for a few minutes I cobbled together a working and flexible solution which does not hard code the domain name.  Kudos to this stackoverflow thread which did most of the heavy lifting.

RewriteOptions inherit
RewriteEngine On

#First rewrite any request to the correct one (i.e. adding "www." if it does not exist)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#After checking and adding "www." if necessary, then rewrite to HTTPS:
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For those new to .htaccess configuration files (and since I am using cPanel) here is a simple article to get you started and how to apply the above config.

Speaking of cPanel/WHM and HTTPS, an honest referral to EZPZ Hosting.  Dan and his team have been superb since I became a customer back in 2010.  Their reseller accounts include unlimited free, basic SSL certificates.

EZPZ Hosting