Results 1 to 5 of 5

Hybrid View

  1. #1
    Join Date
    May 2013
    Posts
    8
    Plugin Contributions
    0

    Default Changes in .htaccess and SSL

    Hi everyone,
    I am experiencing certain problems with the SSL connection. The problem is that I can not change anything from the admin area (like edit customers, or installing SQL patches), if I follow the directions from my hosting.

    Basically I did the following.

    1. Changed the content .../includes /includes/configure.php Now it has:

    // Define the webserver and path parameters
    // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
    // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
    define('HTTP_SERVER', 'http://www.myDomain.ca');
    define('HTTPS_SERVER', 'https://www.myDomain.ca');

    // Use secure webserver for checkout procedure?
    define('ENABLE_SSL', 'true');



    2. Changed the content of .../admin/includes/configure.php So now it has:

    /**
    * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
    * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
    */
    define('HTTP_SERVER', 'http://www.myDomain.ca');
    define('HTTPS_SERVER', 'https://www.myDomain.ca');
    define('HTTP_CATALOG_SERVER', 'http://www.myDomain.ca');
    define('HTTPS_CATALOG_SERVER', 'https://www.myDomain.ca');

    // secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_ADMIN', 'true');

    // secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_CATALOG', 'true');


    3. To enable SSL I followed the instructions form my hosting and changed .htaccess at the root folder to include
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://www.myDomain.ca/$1 [R]


    Without the last step (changes in .htaccess) zen cart is working perfectly, but the connection is unsecured. With the changes in .htaccess any change from the admin area gives me a security warning
    "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

    Are you sure you want to continue sending this information?"

    If I press on "Continue" I get the same page with all fields blank. However, no changes are made - I can see the the same fields I had before the attempt to edit.


    With the last step connection is secured, and everything except admin area is working.

    Thank you for help.

  2. #2
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Default Re: Changes in .htaccess and SSL

    In the Admin file:
    /your_secret_admin/includes/configure.php

    Set all of these to https:
    Code:
    define('HTTP_SERVER', 'https://www.myDomain.ca');
    define('HTTPS_SERVER', 'https://www.myDomain.ca');
    define('HTTP_CATALOG_SERVER', 'https://www.myDomain.ca');
    define('HTTPS_CATALOG_SERVER', 'https://www.myDomain.ca');
    
    // secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_ADMIN', 'true');
    Now the whole Admin will be SSL ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today!]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...
    Signup for our Announcements Forums to stay up to date on important changes and updates!

  3. #3
    Join Date
    May 2013
    Posts
    8
    Plugin Contributions
    0

    Default Re: Changes in .htaccess and SSL

    Thanks, Ajeh!!!
    This solves my problem!

  4. #4
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Default Re: Changes in .htaccess and SSL

    You are most welcome ... thanks for the update that this is working for you now ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today!]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...
    Signup for our Announcements Forums to stay up to date on important changes and updates!

  5. #5
    Join Date
    Feb 2012
    Location
    mostly harmless
    Posts
    1,809
    Plugin Contributions
    8

    Default Re: Changes in .htaccess and SSL

    Quote Originally Posted by Olga View Post
    ...
    3. To enable SSL I followed the instructions form my hosting and changed .htaccess at the root folder to include
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://www.myDomain.ca/$1 [R]
    ...
    I'd recommend against using this snippet at all. It does not carry over query strings and can break POST requests made with HTTP. If you must "force" incoming links to HTTPS, the snippet should take both of these possibilities into consideration. Otherwise data may be lost. Additionally, links generated on the site should all use HTTPS (SSL) before using mod_rewrite to force requests from HTTP to HTTPS (to avoid extra unnecessary redirects).

    As already noted, simply changing the two "configure.php" files to list the server stating with "https://" will tell Zen Cart to generate all links with HTTPS (SSL). If one needs more than just the admin always in SSL (for example the entire website), this method works as well... Although there are some good reasons Zen Cart "out of box" does not make the entire website use HTTPS (SSL).
    Last edited by lhungil; 3 Apr 2014 at 04:15 PM.
    The glass is not half full. The glass is not half empty. The glass is simply too big!
    Where are the Zen Cart Debug Logs? Where are the HTTP 500 / Server Error Logs?
    Zen Cart related projects maintained by lhûngîl : Plugin / Module Tracker

 

 

Similar Threads

  1. .htaccess rewrite with folders and Private SSL?
    By littlehawk in forum Templates, Stylesheets, Page Layout
    Replies: 6
    Last Post: 14 Sep 2009, 07:10 PM
  2. ssl www and htaccess question/prob
    By Sckwooral in forum General Questions
    Replies: 1
    Last Post: 27 Jun 2008, 09:25 PM
  3. Completely confused about htaccess and SSL
    By GrandmaJ in forum General Questions
    Replies: 9
    Last Post: 22 May 2007, 01:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg