Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default SSL is on, but http:// login page does not redirect to https://

    I have SSL turned on in both configure files, and all of my shopping cart and login pages appear to redirect properly to the https:// pages.

    BUT if I specifically type in http://www.mystore.com/index.php?main_page=login it does not redirect to the https:// version of the page. This is causing a PCI compliance error.

    Any thoughts what could cause this problem?

    Thanks!

  2. #2
    Join Date
    Nov 2007
    Location
    Melbourne, Australia
    Posts
    541
    Plugin Contributions
    0

    Default Re: SSL is on, but http:// login page does not redirect to https://

    Its the same for me, but the form sends the information to the secure link. That should be fine. So its not a problem as you said. I guess you can change the code and redirect always to the secure page for the login. Maybe in you htaccess file that would be the easiest as you dont have to change code.

  3. #3
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: SSL is on, but http:// login page does not redirect to https://

    i suppose it shouldn't be a problem. but PCI compliance scanner is still giving errors for it

    do you have an example code that should be put into htaccess?

  4. #4
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: SSL is on, but http:// login page does not redirect to https://

    Apparently it's a false positive from the PCI scanner... so we'll be awaiting the results once more and have another go at it.

    wish me luck :)

  5. #5
    Join Date
    Dec 2009
    Posts
    12
    Plugin Contributions
    0

    Default Re: SSL is on, but http:// login page does not redirect to https://

    Hello there, I am going through the same problem. I want to redirect the unsecure login page to ssl login page.
    could you please tell me what i am supposed to code in htaccess file?

    Many thanks in advance

  6. #6
    Join Date
    Jun 2003
    Posts
    33,715
    Plugin Contributions
    0

    Default Re: SSL is on, but http:// login page does not redirect to https://

    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  7. #7
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: SSL is on, but http:// login page does not redirect to https://

    Hello Kim,

    Thank you for the reply. But the SSL is already turned on, as instructed in that tutorial.

    The issue is that after running a PCI scan, the site has failed becuase they were able to hack and get to the login page without using the https://

    ie, if you type in the login URL directly into the address bar, using http:// it will allow you to get there, instead of forwarding you along to https://

  8. #8
    Join Date
    Jun 2003
    Posts
    33,715
    Plugin Contributions
    0

    Default Re: SSL is on, but http:// login page does not redirect to https://

    The issue is that after running a PCI scan, the site has failed becuase they were able to hack and get to the login page without using the https://

    ie, if you type in the login URL directly into the address bar, using http:// it will allow you to get there, instead of forwarding you along to https://
    Why should they care? A real customer is never going to change the URL and the information is still sent via HTTPS when it is submitted.
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  9. #9
    Join Date
    Jun 2009
    Location
    Orange County, California
    Posts
    544
    Plugin Contributions
    18

    Default Re: SSL is on, but http:// login page does not redirect to https://

    I agree, why should they care... but they do, and if it's not fixed my website does not pass PCI compliance.

    What can i do to fix this?

  10. #10
    Join Date
    Dec 2009
    Posts
    12
    Plugin Contributions
    0

    Default Re: SSL is on, but http:// login page does not redirect to https://


    Kim,

    Many thanks for your reply. i did have a look at the tutorial before i posted my previous message. in fact that is how is learnt how to turn on ssl. the trouble i got now is that, when i go to admin login page the ssl is on but when click on Log in page in the site (as a customer) it is not diverting to https://iwantthattoy.co.uk/index.php?main_page=login instead it remains as
    http://iwantthattoy.co.uk/index.php?main_page=login


    Help please!

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 12
    Last Post: 22 Sep 2010, 04:43 PM
  2. redirect http to https
    By alina in forum General Questions
    Replies: 1
    Last Post: 10 Jul 2010, 04:46 PM
  3. SSL works but all links remain http not https
    By spriggig in forum Templates, Stylesheets, Page Layout
    Replies: 2
    Last Post: 2 Oct 2008, 08:10 AM
  4. banner images show in https but not http
    By makenoiz in forum General Questions
    Replies: 10
    Last Post: 26 May 2008, 04:48 AM
  5. Admin login with https but refreshes http?
    By dnuttall in forum Basic Configuration
    Replies: 5
    Last Post: 10 Feb 2007, 08:46 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR