Results 1 to 10 of 10
  1. #1
    Join Date
    Nov 2013
    Location
    China
    Posts
    75
    Plugin Contributions
    0

    Default The mian page did not go to https

    I have a headache question,when i type www.mywebsite.com it will not go to https://www.mywebsite.com

    But for any other page it will automatically go to HTTPS. when i click main page it also will go https,do not know what's the hell going on,driving me cray...

    Someone please help,how to solve the problem?

  2. #2
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: The mian page did not go to https

    That's not a Zen Cart problem.

    What you are essentially asking is how do you not only make your entire site served as https: but how do you ensure that everyone trying to access your site arrives at https:.

    There was a snippet of. Htaccess code posted recently that could help with this:https://www.zen-cart.com/showthread....49#post1322749

    It doesn't provide the specific remedy, but is somewhat along the lines of what you are looking.
    Basically you want to detect/pickup whether they have accessed via http: or https: and if http: then redirect to https:
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  3. #3
    Join Date
    Nov 2013
    Location
    China
    Posts
    75
    Plugin Contributions
    0

    Default Re: The mian page did not go to https

    Quote Originally Posted by mc12345678 View Post
    That's not a Zen Cart problem.

    What you are essentially asking is how do you not only make your entire site served as https: but how do you ensure that everyone trying to access your site arrives at https:.

    There was a snippet of. Htaccess code posted recently that could help with this:https://www.zen-cart.com/showthread....49#post1322749

    It doesn't provide the specific remedy, but is somewhat along the lines of what you are looking.
    Basically you want to detect/pickup whether they have accessed via http: or https: and if http: then redirect to https:
    Thanks,what i mean is when i type www.mywebsite.com,it will not go to htttps://www.mywebsite.com or when i type any of the website link without https,it will not go to ssl.But after i enter into mywebsite,just click any content,it will go to https... This is really wired.

    Also i found something strange,in configure file,website will not to to https if i do the following setting

    PHP Code:
    define('HTTP_SERVER''http://www.mysite.com');
    define('HTTPS_SERVER''https://www.mysite.com');

    /**
     *  If you want to tell Zen Cart to use your HTTPS URL on sensitive pages like login and checkout, set this to 'true'. Otherwise 'false'. (Keep the quotes)
     */
    define('ENABLE_SSL''true'); 
    I need to change
    HTTP_SERVER', 'http://www.mysite.com
    to
    HTTP_SERVER', 'https://www.mysite.com
    Last edited by e-standard; 12 Dec 2016 at 01:27 AM.

  4. #4
    Join Date
    Nov 2013
    Location
    China
    Posts
    75
    Plugin Contributions
    0

    Default Re: The mian page did not go to https

    Thanks,i figure it out, solve the problem by enable HSTS

  5. #5
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: The mian page did not go to https

    Quote Originally Posted by e-standard View Post
    Thanks,what i mean is when i type www.mywebsite.com,it will not go to htttps://www.mywebsite.com or when i type any of the website link without https,it will not go to ssl.But after i enter into mywebsite,just click any content,it will go to https... This is really wired.

    Also i found something strange,in configure file,website will not to to https if i do the following setting

    PHP Code:
    define('HTTP_SERVER''http://www.mysite.com');
    define('HTTPS_SERVER''https://www.mysite.com');

    /**
     *  If you want to tell Zen Cart to use your HTTPS URL on sensitive pages like login and checkout, set this to 'true'. Otherwise 'false'. (Keep the quotes)
     */
    define('ENABLE_SSL''true'); 
    I need to change
    HTTP_SERVER', 'http://www.mysite.com
    to
    HTTP_SERVER', 'https://www.mysite.com
    How your store was operating is exactly as designed and standard, there was no confusion in that respect.

    ZC in a default install only goes to https for pages that have been identified as needing to be https for encrypting personal data.. Making the entire site https: is a different issue. If you are going to set HTTP_SERVER to https: then should also set ENABLE_SSL to false because there is no need to switch between one and the other if they are both the same and in this case also https:.

    ZC doesn't force someone to access the front side of the store using http:. If someone really wants to access a page using http: by manually typing the uri with http: then so be it, why anyone would want to access say a login page or a create account page using http: when https: is available is beyond me, but like you have discovered ZC will move a customer/visitor along the path needed once they arrive at the site. To modify how the customer arrive at the site, something in advance of ZC needs to perform that action that is why I suggested a modification to the .htaccess file. It loads before ZC does and can redirect to the desired protocol.


    Quote Originally Posted by e-standard View Post
    Thanks,i figure it out, solve the problem by enable HSTS
    Could you please elaborate more?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  6. #6
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: The mian page did not go to https

    Quote Originally Posted by mc12345678 View Post
    If you are going to set HTTP_SERVER to https: then should also set ENABLE_SSL to false because there is no need to switch between one and the other if they are both the same and in this case also https:.
    What you say about switching is indeed correct. What you say about the enable_ssl setting not so much. As I stated in another thread(?), with both SERVER defines being https the enable_ssl setting really doesn't matter whether it is set to true false, it is effectively always 'true' on account of the fact that there is no longer any non-SSL pages to switch *from*.

    Quote Originally Posted by mc12345678 View Post
    ZC doesn't force someone to access the front side of the store using http:.
    This is more a matter of it *can't*, rather than it *doesn't*.

    Quote Originally Posted by mc12345678 View Post
    If someone really wants to access a page using http: by manually typing the uri with http: then so be it, why anyone would want to access say a login page or a create account page using http: when https: is available is beyond me,
    Because not all web browsers support https (so its good to have a choice).

    Quote Originally Posted by mc12345678 View Post
    To modify how the customer arrive at the site, something in advance of ZC needs to perform that action that is why I suggested a modification to the .htaccess file. It loads before ZC does and can redirect to the desired protocol.
    Yup. Thats the way to do it.


    Quote Originally Posted by mc12345678 View Post

    Thanks,i figure it out, solve the problem by enable HSTS
    Could you please elaborate more?
    This is a security mechanism that can be used to prevent a client from ever using http even though the option/possibility is available. My view is that if used it needs to be in *addition* to the .htaccess redirect rather than instead of. Although the hsts will achieve the same end result (with the additional prevention) it means that for the *initial* connection an additional response/request would be needed if the initial response was non https. With the .htaccess redirect the server will serve the https page without this additional request (actually, this additional request may occur anyway. I've not actually 'sniffed' the data for a hsts enabled site to be sure). Either way, the .htaccess redirect for the initial zencart connection is going to be a little more efficient.
    Apparently (from what I've just read) hsts prevents MITM attacks... WTF? I thought that is what SSL itself is supposed to do?

    Actually, though, what hsts does do that SSL doesn't, is prevent 'downgrading' an SSL connection to a non-SSL connection, so for all those that rave on about "SSL being a 'must have' for security" I assume that you have all implemented HSTS as well? No? I didn't think so. :)

    Cheers
    Rod
    Last edited by RodG; 12 Dec 2016 at 09:40 AM.

  7. #7
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: The mian page did not go to https

    Quote Originally Posted by e-standard View Post
    I have a headache question,when i type www.mywebsite.com it will not go to https://www.mywebsite.com

    But for any other page it will automatically go to HTTPS. when i click main page it also will go https,do not know what's the hell going on,driving me cray...

    Someone please help,how to solve the problem?

    Code:
    Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes
    
    RewriteEngine On
    
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://example.com/$1 [R,L]

    @RodG
    Because not all web browsers support https (so its good to have a choice).
    I find that hard to believe in this day and age. Care to share as to what Names these Web Browsers go by?

  8. #8
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: The mian page did not go to https

    Quote Originally Posted by Website Rob
    I find that hard to believe in this day and age. Care to share as to what Names these Web Browsers go by?
    hyperlink, wave, Amosaic, aweb, pip, someUnamed default browser used by my relatively new smart tv. A different (also unamed) browser built into my BluRay player. I could give other examples, but surely this is enough to dispel your belief? And heck, surely you know me well enough by now that I wouldn't make a statement without facts to back me up?

    Rgds
    RodG

  9. #9
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: The mian page did not go to https

    Thanks for the info, Rod. Still working on all this techno stuff and it's easy to get confused. For example I've got a machine that is a combination Fax/Shredder and can't figure out why people keep faxing me confetti.

  10. #10
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: The mian page did not go to https

    Quote Originally Posted by website rob View Post
    still working on all this techno stuff and it's easy to get confused. For example i've got a machine that is a combination fax/shredder and can't figure out why people keep faxing me confetti.
    roflmao!
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. Replies: 3
    Last Post: 12 May 2012, 10:58 PM
  2. Why did I lose my https images?
    By surrealcurly in forum Upgrading from 1.3.x to 1.3.9
    Replies: 2
    Last Post: 9 Aug 2011, 05:31 PM
  3. Replies: 2
    Last Post: 1 Aug 2011, 11:34 PM
  4. why the links inside the admin area are not https?
    By mavik in forum General Questions
    Replies: 4
    Last Post: 8 Apr 2011, 05:06 PM
  5. Replies: 0
    Last Post: 9 Jun 2008, 03:33 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR