Thread: SSL suggestion

Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32
  1. #21
    Join Date
    Jul 2009
    Posts
    402
    Plugin Contributions
    0

    Default Re: SSL suggestion

    I have added also what follows to avoid continuous requests to change admin passwords at login.
    RewriteCond %{REQUEST_URI} !^/youradmin(/|$)
    so, all in all the .htaccess, in order to have everything working correctly, got the following lines:

    #Redirect all to https but anyotherfoldertoexclude and youradmin
    RewriteCond %{REQUEST_URI} !^/anyotherfoldertoexclude(/|$)
    RewriteCond %{REQUEST_URI} !^/youradmin(/|$)
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

    Ciao from Italy
    enzo
    Last edited by enzo-ita; 24 May 2016 at 11:43 PM.

  2. #22
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: SSL suggestion

    Quote Originally Posted by enzo-ita View Post
    I have added also what follows to avoid continuous requests to change admin passwords at login.
    If using SSL is causing you to get password-change required repeatedly then your site is NOT properly using "only SSL" for the Admin ... which suggests that you've got incorrect rewrites that are switching it incorrectly into non-SSL before going to the actual URL.

    And with v1.5.5 the admin operates entirely in SSL if you give it an SSL URL ... doesn't flip back and forth with any NON-SSL at all. (same as setting HTTP_SERVER to an https URL and setting ENABLE_SSL_ADMIN to 'false')
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #23
    Join Date
    Jul 2009
    Posts
    402
    Plugin Contributions
    0

    Default Re: SSL suggestion

    TKS.
    By now I will live with the .htaccess mods I made.
    Soon I will switch to 1.5.5 (as soon as I will be happy with the FEC plugin mods that I am doing) and I think alla theproblems will disappear because I am plannig to go to 1.5.5 treating it as new install.
    Ciao ciao
    enzo

  4. #24
    Join Date
    Jul 2009
    Posts
    402
    Plugin Contributions
    0

    Default Re: SSL suggestion

    DONE!
    I am very happy to tell you all that finally 1.5.5a is on line!
    For a small business like mine and considering I do no use any web agency neither programmer or graphic (I do all on my own, with the precious help of this forum) it is a real success.
    I still have a problem though and it is related to ssl

    I have set HTTP server as https and to false in both store and admin.
    I did not like the fact that if I call http://www.acquat ua.it it does not go directly to https://www.acquat ua.it so I mde a mod to the htaccess like follows
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]
    This actually did the job and also non https request is redirected to https Yeah! but...
    If I let the htacces as above, livelizza would not allow to login, if I disable the two lines livezilla will login perfectly.
    Now for the questions:

    As far as the big G and others are involved, is it important that http is redirected to https since the first page?
    If what above is true, how can I make livezilla login even with http redirected to https?

    Note that in the livezilla serve admin I have set the server to be https and the port 443.

    It is not a mjor problem but I have started this migration with the ami to create the best possible setting and this is bothering me.

    Thanks for help.

    ciao from Itlay
    enzo

  5. #25
    Join Date
    Jul 2009
    Posts
    402
    Plugin Contributions
    0

    Default Re: SSL suggestion

    No problem I solved also the livezilla incident.
    I had two servers configuration set and it was trying to login to the http while htacce was redirecting to https therefore trowing an error.
    Deleted the http and set the https as default now it works.
    However, thanks again to everyone for the precious help.
    I'll be waiting 1.6.0....

  6. #26
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: SSL suggestion

    All-in-all congratulations on getting setup and going. Good work!

    Hopefully you will continue to visit and support others on their journey!
    Last edited by mc12345678; 16 Jun 2016 at 05:24 PM.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  7. #27
    Join Date
    Jul 2009
    Posts
    402
    Plugin Contributions
    0

    Default Re: SSL suggestion

    Thanks for the congrats.
    I do not feel that I am capable to support anyone since I need support myself!
    However I will certainly be visiting the forum regularly.
    Ciao ciao
    enzo

  8. #28
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: SSL suggestion

    Quote Originally Posted by enzo-ita View Post
    Thanks for the congrats.
    I do not feel that I am capable to support anyone since I need support myself!
    However I will certainly be visiting the forum regularly.
    Ciao ciao
    enzo
    We all do at one time or another need support. Wouldn't be much of a community if that didn't exist. I'm sure there is something you have learned along this journey that could help the next individual with similar ttroubles. A link to a post or FAQ, how you resolved the same thing, maybe even a gentle nudge to provide more related information. In the long run such assistance is likely to help you get to know ZC even more. :)

    Hope you have a good weekend and keep reading!
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  9. #29
    Join Date
    Jul 2009
    Posts
    402
    Plugin Contributions
    0

    Default Re: SSL suggestion

    Hi guys.
    I am bringing u this thread because I am desperate.
    Since when I switched to SSL for the whoel site my sales dropped to about 30% of last year after seve year of constant sales increase year over year but even month to month.
    I know this may sound dumb and it should be impossible but I have really watched out all I know, checked and checked twice, statistics, adwords, analytcs and alla the other tools available. The only real connection to this drop seems to be the switch from non ssl to ssl (ssl for check out was there also before)
    I wonder if I may have done something wrong.
    Please let me know your opinion about.
    Thanks

  10. #30
    Join Date
    Aug 2007
    Location
    Gijón, Asturias, Spain
    Posts
    2,571
    Plugin Contributions
    30

    Default Re: SSL suggestion

    - ENABLE_SSL should be set to 'false' (because ENABLE_SSL is only set to 'true' when you want ZC to switch back and forth between http and https for certain secured pages)
    I don't find this nugget documented ANYWHERE else...in fact after spotting it last week it took me ages to find this post again to recheck it (doing this on my site caused a bug to surface https://www.zen-cart.com/showthread....93#post1319093).
    The faq/tutorial needs to be updated with this info.
    Steve
    github.com/torvista: Spanish Language Pack, Google reCaptcha, Structured Data, Multiple Copy-Move-Delete, Image Checker, BackupMySQL Admin/Auto...

 

 
Page 3 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. docs suggestion
    By swguy in forum Upgrading to 1.5.x
    Replies: 2
    Last Post: 9 Nov 2011, 11:47 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR