Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Join Date
    Jan 2013
    Posts
    7
    Plugin Contributions
    0

    Default SSL Secure Content Issue

    Hi all,

    I have a read a lot of posts about SSL problems but still can't see how to fix my issue.
    The issue is that I get the message in IE 'Only Secure Content is displayed' when switching to My Account which is https. This doesn't happen in google Chrome btw.

    Using Fiddler(http analyser) I can see that there are still some HTTP calls after I have switched to My Account and gone secure.

    How can I fix this?

    The first thing it tries to load once I try to go secure is the stylesheet using http therefore once I have clicked the IE 'show all content' button the page is formatted correctly but until then all the formatting is lost.

    I am using shared SSL.

    Thanks,
    Mark

  2. #2
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: SSL Secure Content Issue

    I see that you skipped including any of the information from the questions asked in the Posting Tips section of the screen where you post your message/reply. Please click Reply and answer those questions, including your URL and also who your hosting company is.

    Also check out this article: http://www.zen-cart.com/content.php?...lly-encrypted)
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jan 2013
    Posts
    7
    Plugin Contributions
    0

    Default Re: SSL Secure Content Issue

    Thank Dr Byte.
    Here is some more info as requeted.
    Zen Cart Version is 1.5.1
    No plugins are installed
    I installed zen cart via FTP and run zc_install and this is my first store

    •What version of PHP and MySQL is your server using? (See Admin->Tools->Server Info)
    Server OS: Linux linweb15.linvh1.fasthosts.co.uk 2.6.18-308.13.1.el5 #1 SMP Tue Aug 21 17:10:18 EDT 2012 x86_64
    Database: MySQL 5.0.95-log
    HTTP Server: Apache
    PHP Version: 5.2.17 (Zend: 2.2.0)

    The problem started when I created a shared SSL directory and turned on SSL.

    The URL is http://www.hometweeks.com/ - then click my account.
    The hosting company is Fasthosts and I am using shared SSL.

    From Fiddler this is where it goes wrong (secure directory name ***ed removed for security)
    This makes sense as the page formatting is lost until the show all content in IE is clicked.
    This is fiddler data captured after the button is clicked.

    https://secure30.prositehosting.co.u...ombnfeugu7h9h0
    https://urs.microsoft.com/urs.asmx?M.../kyiG7sjVnc%3d
    http://www.hometweeks.com/h****/incl...stylesheet.css
    http://www.hometweeks.com/h****/incl...ss_buttons.css

    Thanks for any help.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: SSL Secure Content Issue

    Aha. Classic problem with Fasthosts. Their SSL is completely unconventional, and Zen Cart has no way of detecting that the page is actually in SSL mode.

    Normal hosts are configured in a way that enables at least one of the test in the following script (see link) to indicate whether the page is in SSL mode. Clearly yours does not.
    Most of the time Fasthosts customers must find a more conventional hosting company if they wish to use SSL with ecommerce.

    Try this ssltest script, and report back its output:
    http://www.zen-cart.com/forum/showpo...87&postcount=4
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jan 2013
    Posts
    7
    Plugin Contributions
    0

    Default Re: SSL Secure Content Issue

    Thanks Dr Byte:
    Here is the output for
    http://www.hometweeks.com/ssltest.php
    Protocol detected: NONSSL



    Array
    (
    [PHP_FCGI_CHILDREN] => 0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [PWD] => /var/www/fcgi
    [SHLVL] => 0
    [PHP_FCGI_MAX_REQUESTS] => 100
    [FCGI_ROLE] => RESPONDER
    [REDIRECT_HANDLER] => application/x-httpd-php
    [REDIRECT_STATUS] => 200
    [HTTP_ACCEPT] => application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    [HTTP_ACCEPT_LANGUAGE] => en-GB
    [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDC; InfoPath.3; .NET4.0C; AskTbORJ/5.15.2.23037; BOIE9;ENUS)
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_HOST] => www.hometweeks.com
    [HTTP_CONNECTION] => Keep-Alive
    [SERVER_SIGNATURE] =>
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => www.hometweeks.com
    [SERVER_ADDR] => 88.208.252.206
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 95.148.187.34
    [DOCUMENT_ROOT] => /home/linweb15/h/hometweeks.com/user/htdocs
    [SERVER_ADMIN] => root@localhost
    [SCRIPT_FILENAME] => /home/linweb15/h/hometweeks.com/user/htdocs/ssltest.php
    [REMOTE_PORT] => 54402
    [REDIRECT_URL] => /ssltest.php
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /ssltest.php
    [SCRIPT_NAME] => /ssltest.php
    [ORIG_SCRIPT_FILENAME] => /var/www/fcgi/php-cgi
    [ORIG_PATH_INFO] => /ssltest.php
    [ORIG_PATH_TRANSLATED] => /home/linweb15/h/hometweeks.com/user/htdocs/ssltest.php
    [ORIG_SCRIPT_NAME] => /fcgi-bin/php-cgi
    [PHP_SELF] => /ssltest.php
    [REQUEST_TIME] => 1358881789
    )

    and here is the output for
    https://www.hometweeks.com/hotwsec/ssltest.php

    Protocol detected: NONSSL



    Array
    (
    [PHP_FCGI_CHILDREN] => 0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [PWD] => /var/www/fcgi
    [SHLVL] => 0
    [PHP_FCGI_MAX_REQUESTS] => 100
    [FCGI_ROLE] => RESPONDER
    [REDIRECT_HANDLER] => application/x-httpd-php
    [REDIRECT_STATUS] => 200
    [HTTP_HOST] => hometweeks.com
    [HTTP_ACCEPT] => */*
    [HTTP_ACCEPT_LANGUAGE] => en-GB
    [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDC; InfoPath.3; .NET4.0C; AskTbORJ/5.15.2.23037; BOIE9;ENUS)
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_X_FORWARDED_FOR] => 95.148.187.34
    [HTTP_X_FORWARDED_HOST] => www.hometweeks.com
    [HTTP_X_FORWARDED_SERVER] => secure30.prositehosting.co.uk
    [HTTP_CONNECTION] => Keep-Alive
    [SERVER_SIGNATURE] =>
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => hometweeks.com
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [DOCUMENT_ROOT] => /home/linweb15/h/hometweeks.com/user/htdocs
    [SERVER_ADMIN] => root@localhost
    [SCRIPT_FILENAME] => /home/linweb15/h/hometweeks.com/user/htdocs/hotwsec/ssltest.php
    [REMOTE_PORT] => 46532
    [REDIRECT_URL] => /hotwsec/ssltest.php
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /hotwsec/ssltest.php
    [SCRIPT_NAME] => /hotwsec/ssltest.php
    [ORIG_SCRIPT_FILENAME] => /var/www/fcgi/php-cgi
    [ORIG_PATH_INFO] => /hotwsec/ssltest.php
    [ORIG_PATH_TRANSLATED] => /home/linweb15/h/hometweeks.com/user/htdocs/hotwsec/ssltest.php
    [ORIG_SCRIPT_NAME] => /fcgi-bin/php-cgi
    [PHP_SELF] => /hotwsec/ssltest.php
    [REQUEST_TIME] => 1358881890
    )

  6. #6
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: SSL Secure Content Issue

    Your host is proxying SSL on a completely different server, and not passing on any of the standard/recommended settings that denote that it's running in SSL.
    They've not even set up their proxying smartly ... they're specifically proxying for the purposes of SSL, but they're not even bothering to set the HTTP_X_FORWARDED_SSL or HTTP_X_FORWARDED_PROTO values.

    Here are two possible courses of action:

    1. Edit /includes/init_includes/init_file_db_names.php
    Code:
                     (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'ssl' || strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')) ||
                     (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && strpos(strtolower($_SERVER['HTTP_X_FORWARDED_SERVER']), str_replace('https://', '', HTTPS_SERVER)) !== false) ||
                     (isset($_SERVER['HTTP_SSLSESSIONID']) && $_SERVER['HTTP_SSLSESSIONID'] != '') ||
    In fact, you could add this change to the ssltest.php script first, and see what its output is. I'd like to know what you discover from it.
    But you'd need to copy your define for HTTPS_SERVER from your configure.php onto the 2nd line of the ssltest.php file for it to give accurate results.

    2. If that doesn't work, you might get around it by adding your specific host's forwarding address to the list of things checked:
    (And, yes, you can test it in ssltest.php first ... if you have to use this second approach, please post the results from ssltest.php for further inspection.)
    Code:
                     (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'ssl' || strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')) ||
           (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) &&  $_SERVER['HTTP_X_FORWARDED_SERVER'] == 'secure30.prositehosting.co.uk')  ||
                     (isset($_SERVER['HTTP_SSLSESSIONID']) && $_SERVER['HTTP_SSLSESSIONID'] != '') ||
    NOTE TO FUTURE READERS OF THIS POST: This code suggestion is unique to this particular site setup, and would need to be adapted uniquely to your own specific setup if you were to try using it on your site.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jan 2013
    Posts
    7
    Plugin Contributions
    0

    Default Re: SSL Secure Content Issue

    Thanks for your reply - will try that this week hopefully.
    Lifes been a bit hectic but I won't bore you with the details.

  8. #8
    Join Date
    Jan 2013
    Posts
    7
    Plugin Contributions
    0

    Default Re: SSL Secure Content Issue

    Dr Byte,
    thanks for your patience I finally got round to this....

    Adding the change to the ssltest.php first i got the following results:

    So for http://www.hometweeks.com/ssltest.php - i got
    Protocol detected: NONSSL



    Array
    (
    [PHP_FCGI_CHILDREN] => 0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [PWD] => /var/www/fcgi
    [SHLVL] => 0
    [PHP_FCGI_MAX_REQUESTS] => 100
    [FCGI_ROLE] => RESPONDER
    [REDIRECT_HANDLER] => application/x-httpd-php
    [REDIRECT_STATUS] => 200
    [HTTP_ACCEPT] => application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    [HTTP_ACCEPT_LANGUAGE] => en-GB
    [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDC; InfoPath.3; .NET4.0C; AskTbORJ/5.15.2.23037; .NET4.0E; BOIE9;ENUS)
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_HOST] => www.hometweeks.com
    [HTTP_CONNECTION] => Keep-Alive
    [SERVER_SIGNATURE] =>
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => www.hometweeks.com
    [SERVER_ADDR] => 88.208.252.206
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 95.148.185.191
    [DOCUMENT_ROOT] => /home/linweb15/h/hometweeks.com/user/htdocs
    [SERVER_ADMIN] => root@localhost
    [SCRIPT_FILENAME] => /home/linweb15/h/hometweeks.com/user/htdocs/ssltest.php
    [REMOTE_PORT] => 60321
    [REDIRECT_URL] => /ssltest.php
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /ssltest.php
    [SCRIPT_NAME] => /ssltest.php
    [ORIG_SCRIPT_FILENAME] => /var/www/fcgi/php-cgi
    [ORIG_PATH_INFO] => /ssltest.php
    [ORIG_PATH_TRANSLATED] => /home/linweb15/h/hometweeks.com/user/htdocs/ssltest.php
    [ORIG_SCRIPT_NAME] => /fcgi-bin/php-cgi
    [PHP_SELF] => /ssltest.php
    [REQUEST_TIME] => 1360516846
    )

    FOR https://www.hometweeks.com/hotwsec/ssltest.php I got
    (and also a certificate error)
    Protocol detected: SSL



    Array
    (
    [PHP_FCGI_CHILDREN] => 0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [PWD] => /var/www/fcgi
    [SHLVL] => 0
    [PHP_FCGI_MAX_REQUESTS] => 100
    [FCGI_ROLE] => RESPONDER
    [REDIRECT_HANDLER] => application/x-httpd-php
    [REDIRECT_STATUS] => 200
    [HTTP_HOST] => hometweeks.com
    [HTTP_ACCEPT] => application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    [HTTP_ACCEPT_LANGUAGE] => en-GB
    [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDC; InfoPath.3; .NET4.0C; AskTbORJ/5.15.2.23037; .NET4.0E; BOIE9;ENUS)
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_X_FORWARDED_FOR] => 95.148.185.191
    [HTTP_X_FORWARDED_HOST] => www.hometweeks.com
    [HTTP_X_FORWARDED_SERVER] => secure30.prositehosting.co.uk
    [HTTP_CONNECTION] => Keep-Alive
    [SERVER_SIGNATURE] =>
    [SERVER_SOFTWARE] => Apache
    [SERVER_NAME] => hometweeks.com
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [DOCUMENT_ROOT] => /home/linweb15/h/hometweeks.com/user/htdocs
    [SERVER_ADMIN] => root@localhost
    [SCRIPT_FILENAME] => /home/linweb15/h/hometweeks.com/user/htdocs/hotwsec/ssltest.php
    [REMOTE_PORT] => 58873
    [REDIRECT_URL] => /hotwsec/ssltest.php
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /hotwsec/ssltest.php
    [SCRIPT_NAME] => /hotwsec/ssltest.php
    [ORIG_SCRIPT_FILENAME] => /var/www/fcgi/php-cgi
    [ORIG_PATH_INFO] => /hotwsec/ssltest.php
    [ORIG_PATH_TRANSLATED] => /home/linweb15/h/hometweeks.com/user/htdocs/hotwsec/ssltest.php
    [ORIG_SCRIPT_NAME] => /fcgi-bin/php-cgi
    [PHP_SELF] => /hotwsec/ssltest.php
    [REQUEST_TIME] => 1360516977
    )

    I will try this on the live site next.

    Thanks,
    Mark

  9. #9
    Join Date
    Jan 2013
    Posts
    7
    Plugin Contributions
    0

    Default Re: SSL Secure Content Issue

    Dr Byte thanks - sorted - The item 1 edit above to /includes/init_includes/init_file_db_names.php

    Many Many thanks,
    Mark

  10. #10
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,268
    Plugin Contributions
    3

    Default Re: SSL Secure Content Issue

    Quote Originally Posted by Mark_uk View Post
    Dr Byte thanks - sorted - The item 1 edit above to /includes/init_includes/init_file_db_names.php

    Many Many thanks,
    Mark
    While you have the chance, MOVE your site to a proper host.

    Fasthosts are not appropriate for eCommerce. About 4 years ago we inherited a client who insisted on hosting with them, and it almost killed her attempts at running an online business.

    If you want to run an online business, and hope to make some money out of it, you owe it to your (potential) customers to provide a reliable, robust and secure shopping environment.

    Move while you can... if you can't get a refund, don't worry... write it off. You risk losing vastly greater amounts if you stick with those clowns.

    There are a few really good hosts - PM me if you need advice here.
    20 years a Zencart User

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v154 SSL Only Secure Content is Displayed
    By bobc in forum General Questions
    Replies: 2
    Last Post: 7 Dec 2015, 10:09 PM
  2. v150 SSL warning mixed secure non-secure content
    By familynow in forum Basic Configuration
    Replies: 2
    Last Post: 1 Oct 2013, 04:13 PM
  3. Authorize.net SIM v1.3.9h Secure/Non-Secure content error
    By KevinH in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 6 Oct 2012, 05:15 PM
  4. SSL Issue - Non Secure Items
    By esugrue in forum Templates, Stylesheets, Page Layout
    Replies: 1
    Last Post: 10 Apr 2009, 04:25 AM
  5. Replies: 8
    Last Post: 6 Jul 2008, 07:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg