Results 1 to 6 of 6
  1. #1
    Join Date
    Apr 2007
    Location
    Dayton, Ohio
    Posts
    666
    Plugin Contributions
    0

    Default Force HTTPS on website

    I have an old version of Zen Cart (version 139h). http://www.framesforlife.com

    I want to force HTTPS right now on all pages, currently HTTPS only shows on checkout pages. It has a plguin installed: Simple SEO URL v3.5.8. I don't see any settings built into the plugin. Is there a way to add something to my .htaccess for force HTTPS on every page?
    Building a better web, one site at a time: Dayton Web Design

  2. #2
    Join Date
    Jan 2004
    Posts
    66,266
    Blog Entries
    7
    Plugin Contributions
    270

    Default Re: Force HTTPS on website

    If you edit your /includes/configure.php and make BOTH the HTTP_SERVER and HTTPS_SERVER use https://your_site.com (instead of one being http:// and the other being https:// ) does that solve it? Be sure to test login/logout and buy something via checkout.

    You could also go further and add an .htaccess rewrite rule, but those are specific to each hosting environment, so talk to your hosting support for specifics.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jul 2012
    Posts
    15,656
    Plugin Contributions
    17

    Default Re: Force HTTPS on website

    Accomplishing this with an older system such as this is a requires multiple adjustments to do it right.

    Yes, the .htacccess file that is needed for your uri rewriter is one place to be touched, but also your includes/configure.php (may be read only when initially attempting to modify), the admin/includes/configure.php file and then on the catalog side there are likely multiple locations where for example

    src="http:

    Is used. There are other potentially hard coded places that may need updated.

    I don't have the link to it, but there is a docs.zen-cart.com help document that covers this aspect, though it is written more from the perspective of current (far newer than 10+ years ago) versions.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  4. #4
    Join Date
    Apr 2007
    Location
    Dayton, Ohio
    Posts
    666
    Plugin Contributions
    0

    Default Re: Force HTTPS on website

    If you edit your /includes/configure.php and make BOTH the HTTP_SERVER and HTTPS_SERVER be https://your_site.com (instead of one being http:// and the other being https:// ) does that solve it?
    I updated both configure.php files and the problem still persists. If you click any link located on the site, it does then redirect to HTTPS, but does not automatically redirect or refresh the homepage if I land on http. I am talking to my host right now about adding a .htaccess file.
    Building a better web, one site at a time: Dayton Web Design

  5. #5
    Join Date
    Apr 2007
    Location
    Dayton, Ohio
    Posts
    666
    Plugin Contributions
    0

    Default Re: Force HTTPS on website

    Problem solved. Host had to add this coding to my .htaccess file

    Code:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} framesforlife\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.framesforlife.com/$1 [R,L]
    Header set content-Security-Policy: upgrade-insecure-requests
    Thank you for your assistance!
    Building a better web, one site at a time: Dayton Web Design

  6. #6
    Join Date
    Jul 2012
    Posts
    15,656
    Plugin Contributions
    17

    Default Re: Force HTTPS on website

    Quote Originally Posted by sports guy View Post
    Problem solved. Host had to add this coding to my .htaccess file

    Code:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} framesforlife\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.framesforlife.com/$1 [R,L]
    Header set content-Security-Policy: upgrade-insecure-requests
    Thank you for your assistance!
    Will want to also add a rewrite rule in the event one tries to access the site using https: but without the prefix of www.

    Suggest adding this after the above:
    Code:
    RewriteCond %{HTTP_HOST} ^framesforlife\.com [NC]
    RewriteRule ^(.*)$ https://www.framesforlife.com/$1 [R,L]
    What this does is to determine if the request is to just the domain name (without www. ) and if so, then redirect to the https: version with the www. prefix.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

 

 

Similar Threads

  1. v155 Force Secure URL (HTTPS)
    By sports guy in forum General Questions
    Replies: 6
    Last Post: 15 Jul 2017, 08:12 PM
  2. HTTPS issues. How do I force site wide HTTPS? Thanks.
    By MagicMan in forum General Questions
    Replies: 1
    Last Post: 20 Oct 2016, 10:56 PM
  3. v151 Force checkout pages to redirect to HTTPS
    By jennibr in forum Managing Customers and Orders
    Replies: 5
    Last Post: 25 Feb 2014, 08:55 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR