Admin - if SSL enabled, should every Admin page be in SSL?

**voluntaryist.only** · 8 Dec 2012, 09:10 AM

Hi BrByte,
thanks for that, sorry for the long delay in replying, I must not have ticked the email notification thingy, if I understand you right, you say i should change this (see third line) :

define('HTTP_SERVER', 'http://www.mywebsite.co.uk');
define('HTTPS_SERVER', 'https://www.mywebsite.co.uk');
define('HTTP_CATALOG_SERVER', 'http://www.mywebsite.co.uk'); < change part of this line>
define('HTTPS_CATALOG_SERVER', 'https://www.mywebsite.co.uk');

changed below:

define('HTTP_SERVER', 'http://www.mywebsite.co.uk');
define('HTTPS_SERVER', 'https://www.mywebsite.co.uk');
define('HTTP_CATALOG_SERVER', 'https://www.mywebsite.co.uk'); < change part of this line, changed the http to https>
define('HTTPS_CATALOG_SERVER', 'https://www.mywebsite.co.uk');

is this right?

i must say the instruction is not clear on this if it is the case. thanks for spotting it & thanks for your help in this as well.

regards,

ed

**DrByte** · 8 Dec 2012, 09:13 AM

No. This whole thread is about the ADMIN, right? So, in your admin configure.php file, HTTP_SERVER is the path used for your Admin pages. So, to secure your Admin, you need to make your HTTP_SERVER be the valid https URL. Basically, telling/tricking the system into always using https because even for http requests you've given it an https address to use.

The "line 3" that you mentioned is for anything the Admin code needs to reference in the "catalog", also known as "storefront" or "store" or "non-admin" part of your site. Touching that value is mostly meaningless in this context.

**voluntaryist.only** · 8 Dec 2012, 09:30 AM

so what do I do? i am confused now, where should I make changes....

**kobra** · 8 Dec 2012, 05:08 PM

You posted

Code:

define('HTTP_SERVER', 'http://www.mywebsite.co.uk');
define('HTTPS_SERVER', 'https://www.mywebsite.co.uk');
define('HTTP_CATALOG_SERVER', 'https://www.mywebsite.co.uk'); 
define('HTTPS_CATALOG_SERVER', 'https://www.mywebsite.co.uk');

And you need this

Code:

define('HTTP_SERVER', 'https://www.mywebsite.co.uk');
define('HTTPS_SERVER', 'https://www.mywebsite.co.uk');
define('HTTP_CATALOG_SERVER', 'https://www.mywebsite.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://www.mywebsite.co.uk');

Originally Posted by DrByte

you need to make your HTTP_SERVER be the valid https URL

**voluntaryist.only** · 8 Dec 2012, 07:44 PM

Hi Kobra,
thanks for that, changed & works. Part of the problem was that the changes were not sticking due to the file permissions, all good now, thank you very much!

best regards,

ed