Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14
  1. #11
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Admin using non-SSL domain name to build admin URLs

    Further to the above discussion, if you want your entire Admin to be SSL-protected, then set BOTH your HTTP_SERVER and HTTPS_SERVER to your https URL.

    This is explained, in passing, in this article: http://www.zen-cart.com/content.php?...alled-zen-cart and is also the default in new installations of current versions of Zen Cart.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #12
    Join Date
    Feb 2011
    Posts
    21
    Plugin Contributions
    0

    Default Re: Admin using non-SSL domain name to build admin URLs

    Ha, I was trying to obscure the actual URL by using example.com, but clearly I screwed up. I might as well paste the unmodified configure.php contents now, which I will do at the bottom. It was late last night - clearly I wasn't with it as I made a couple of other mistakes, see below :-) The problem is still unresolved.

    The SSL error you were getting at secure.faircake.co.uk was because of an typo I made when restoring the rewrites/redirects after removing them for testing as mentioned in my earlier post. When restoring the config I accidentally disabled the SSL engine entirely. I have restored SSL, which works fine, as previously mentioned.

    The rewrites are both rewrites and redirects. They are rewrites in the sense that they are implemented using Apache's mod_rewrite, via directives RewriteCond and RewriteRule. They are redirects in that they are configured to return a 301 permanent redirect respnse to the client.

    In any event the rewrites/redirects are definitely not the source of the problem and can be eliminated from consideration as mentioned in my earlier post. I have tried removing them from the config entirely on both SSL and non-SSL domains, and disabling the rewrite engine altogether. It had no effect on the admin URL problem.

    This is going to cause no end of headaches. Redirecting a https request to a http server is a classic setup for an endless loop.
    That was just another late-night screw up when typing my post. The redirect is not from https to http, it is from https to https. My config has no redirect loops and in any event I've already verified that the redirects aren't causing the problem by removing them entirely.

    As suggested by Schoolboy, get rid of any .htaccess in the ROOT folder. Yes, I/we are aware that you may have been using these rules for many years without any issue, but the fact remains, you *do* have an issue so these need to be eliminated from the equation until the cause if found. Then, and only then should you consider adding .htaccess rules to cater for specific and/or unusual needs.
    As I've already explained in an earlier post, I do not have any .htaccess in the ROOT folder. My rewrite rules are in the main httpd.conf, and again I have tested without those rules present so they are 100% certainly not the cause of the problem.

    ps. Always clear your cache files and/or refresh your browser when making any config changes. It is easy to lead yourself astray otherwise (experience speaking).
    I have been clearing the cache, cookies, history and all other clear options in Chrome and restarting the browser every time I test this. I am also pretty sure that browser state problems wouldn't be causing admin to build the internal link URLs with the wrong domain name.

    Thanks,
    Tom

    Actual configure.php file contents. Admin:

    PHP Code:
      define('HTTP_SERVER''http://www.faircake.co.uk');
      
    define('HTTPS_SERVER''https://secure.faircake.co.uk');
      
    define('HTTP_CATALOG_SERVER''http://www.faircake.co.uk');
      
    define('HTTPS_CATALOG_SERVER''https://secure.faircake.co.uk');

      
    // Use secure webserver for catalog module and/or admin areas?
      
    define('ENABLE_SSL_CATALOG''true');
      
    define('ENABLE_SSL_ADMIN''true'); 
    Non-Admin:
    PHP Code:
      define('HTTP_SERVER''http://www.faircake.co.uk');
      
    define('HTTPS_SERVER''https://secure.faircake.co.uk');

      
    // Use secure webserver for checkout procedure?
      
    define('ENABLE_SSL''true'); 
    Last edited by omnicognate; 2 Apr 2013 at 07:53 AM.

  3. #13
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Admin using non-SSL domain name to build admin URLs

    Admin ONLY:
    define('HTTP_SERVER', 'https://secure.faircake.co.uk');
    define('HTTPS_SERVER', 'https://secure.faircake.co.uk');
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #14
    Join Date
    Feb 2011
    Posts
    21
    Plugin Contributions
    0

    Default Re: Admin using non-SSL domain name to build admin URLs

    Quote Originally Posted by DrByte View Post
    Admin ONLY:
    define('HTTP_SERVER', 'https://secure.faircake.co.uk');
    define('HTTPS_SERVER', 'https://secure.faircake.co.uk');
    Oops, sorry DrByte, I missed your earlier post. That'll be it, I'm sure.

    Thanks for your help!

    Tom

 

 
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Admin login failing when domain name is changed
    By Fooey in forum Templates, Stylesheets, Page Layout
    Replies: 8
    Last Post: 16 Dec 2009, 08:52 PM
  2. Moving Website Domain Name - Admin isn't working
    By rternier in forum Basic Configuration
    Replies: 5
    Last Post: 8 Mar 2009, 12:53 AM
  3. Changing my domain name - what to change in admin?
    By julieoolie in forum General Questions
    Replies: 3
    Last Post: 7 Jan 2009, 01:07 AM
  4. The Admin page menu using what to build it?
    By explorer1979 in forum General Questions
    Replies: 0
    Last Post: 18 Jan 2007, 04:36 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR