slow loading

[dbltoe]

Sorry, you are using CEON URL rewriter which has nothing to do with 301 redirect making your site become http and either www or non-www.

You have nothing in your .htaccess that does a 301 redirect AND your certificate is STILL non-www.

You have us chasing in circles as you are changing things that have nothing to do with where we are trying to get you.

In your .htaccess file where it says

Code:

###############################################################################
# Add any custom 301 redirects
###############################################################################
# Notes:#
# In general these should be few and far between. If you use a RewriteRule
# be sure to add the L flag to let Apache mod_rewrite know to stop processing
# and skip any RewriteRules defined later in the .htaccess file.#
#############################################################################################################################################################
# Redirect if request was for index.php (with or without query)#
##############################################################################
# Notes:#
# This is a performance optimization. If the request is for index.php simply
# pass the request on and do not process any other mod_rewrite directives in
# this file.#
# Basically this avoids the overhead of checking if index.php is a real file
# or directory (used in subsequent mod_rewrite rules) before sending the
# request to index.php.

replace it with

Code:

###############################################################################
# Add any custom 301 redirects#
##############################################################################
# Redirect HTTP with www to HTTPS without wwwRewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]

## 301 Redirects

[jimmie]

it is already in there right above there, but moved it below

[jimmie]

also from ssllabs Certificate #1: RSA 4096 bits (SHA256withRSA)

Server Key and Certificate #1
Subject jnsflooringandsupplies.com
Fingerprint SHA256: b2de62080c53a7ff3300981489de1b3a9fb1ceaa179ae43c3b3dbc25f57ef206
Pin SHA256: AcyvfNh9RsyiKHHUDdzxG2c+aUVvgk+inTuS2aBfrCY=
Common names jnsflooringandsupplies.com
Alternative names jnsflooringandsupplies.com www.jnsflooringandsupplies.com
Serial Number 032cb1d38a21091c333f0f63c25d05b11105
Valid from Mon, 24 May 2021 02:00:44 UTC
Valid until Sun, 22 Aug 2021 02:00:44 UTC (expires in 2 months and 27 days)
Key RSA 4096 bits (e 65537)
Weak key (Debian) No
Issuer R3
AIA: http://r3.i.lencr.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information OCSP
OCSP: http://r3.o.lencr.org
Revocation status Good (not revoked)
DNS CAA Yes
policy host: jnsflooringandsupplies.com
issue: letsencrypt.org flags:0
Trusted Yes
Mozilla Apple Android Java Windows


Additional Certificates (if supplied)
Certificates provided 3 (4316 bytes)
Chain issues None
#2
Subject R3
Fingerprint SHA256: 67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd
Pin SHA256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
Valid until Mon, 15 Sep 2025 16:00:00 UTC (expires in 4 years and 3 months)
Key RSA 2048 bits (e 65537)
Issuer ISRG Root X1
Signature algorithm SHA256withRSA
#3
Subject ISRG Root X1
Fingerprint SHA256: 6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f
Pin SHA256: C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=
Valid until Mon, 30 Sep 2024 18:14:03 UTC (expires in 3 years and 4 months)
Key RSA 4096 bits (e 65537)
Issuer DST Root CA X3
Signature algorithm SHA256withRSA

[dbltoe]

Again, your servers rating on SSL certificates has nothing to do with a redirect.

If the line in the supposedly correct rewrite is, in fact,

Code:

# Redirect HTTP with www to HTTPS without wwwRewriteCond %{HTTPS} off

that could well be the redirect problem.

That line should actually be two lines like

Code:

# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off

[jimmie]

[QUOTE=dbltoe;1381040]Again, your servers rating on SSL certificates has nothing to do with a redirect.

If the line in the supposedly correct rewrite is, in fact,

Code:

# Redirect HTTP with www to HTTPS without wwwRewriteCond %{HTTPS} off

that could well be the redirect problem.

That line should actually be two lines like[CODE]# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off

i have it like this

Code:

###############################################################################
# Add custom headers and options
###############################################################################
# Notes:
#
# Examples: Adding IE compatibility / edge flags, language and encoding flags,
# php or suphp directives, configure other Apache modules such as page_speed,
# and enable or disable Apache httpd options.
#
# Do NOT configure anything directly relating to physical or virtual resources
# in this section. These should be addressed later on in this file.
###############################################################################
#Options -Indexes

###############################################################################
# Enable mod_rewrite processing using the rules in this .htaccess file
###############################################################################
# Notes:
#
# <IfModule> should be avoided at all costs. If mod_rewrite is not available
# it is almost always better to return HTTP 500 status. This way we see there
# is an issue as soon as the .htaccess file is uploaded.
#
# For mod_rewrite to work, the Apache server option to allow symbolic links to
# be followed must be enabled. Most providers supporting mod_rewrite will
# already have it enabled for you, but if your rewrite rules are not working
# you can un-comment the first directive below to manually enable the option.
#
# Don't forget, mod_rewrite directives are processed in order until a matching
# RewriteRule with the [L] flag is encountered. So the more specific a rule is
# the closer it should appear to the top of this file.
###############################################################################
#Options +FollowSymLinks
## BEGIN CEON URI MAPPING REWRITE RULE

RewriteEngine On

# Don't rewrite any URIs ending with a file extension (ending with .[xxxxx])
RewriteCond %{REQUEST_URI} !\.[a-z]{2,5}$ [NC]
# Don't rewrite any URIs for some, popular specific file format extensions,
#   which are not covered by main file extension condition above
RewriteCond %{REQUEST_URI} !\.(mp3|mp4|h264|woff2)$ [NC]
# Don't rewrite admin directory
RewriteCond %{REQUEST_URI} !^/Jimmies_Admin [NC]
# Don't rewrite editors directory
RewriteCond %{REQUEST_URI} !^/editors/ [NC]
# Don't rewrite logs--bk--pwi--25-06-20 directory
RewriteCond %{REQUEST_URI} !^/logs\-\-bk\-\-pwi\-\-25\-06\-20/ [NC]
# Don't rewrite min directory
RewriteCond %{REQUEST_URI} !^/min/ [NC]
# Don't rewrite pzen_includes directory
RewriteCond %{REQUEST_URI} !^/pzen_includes/ [NC]
# Don't rewrite stats directory
RewriteCond %{REQUEST_URI} !^/stats/ [NC]
# Don't rewrite PDF directory
RewriteCond %{REQUEST_URI} !^/PDF/ [NC]
# Don't rewrite cgi-bin directory
RewriteCond %{REQUEST_URI} !^/cgi\-bin/ [NC]
# Don't rewrite mftp directory
RewriteCond %{REQUEST_URI} !^/mftp/ [NC]
# Don't rewrite sitemap directory
RewriteCond %{REQUEST_URI} !^/sitemap/ [NC]
# Don't rewrite Testsite directory
RewriteCond %{REQUEST_URI} !^/Testsite/ [NC]
# Don't rewrite product_extra_files directory
RewriteCond %{REQUEST_URI} !^/product_extra_files/ [NC]
# Don't rewrite error directory
RewriteCond %{REQUEST_URI} !^/error/ [NC]
# Don't rewrite logs directory
RewriteCond %{REQUEST_URI} !^/logs/ [NC]
# Don't rewrite bmz_cache directory
RewriteCond %{REQUEST_URI} !^/bmz_cache/ [NC]
# Don't rewrite MyFiles directory
RewriteCond %{REQUEST_URI} !^/MyFiles/ [NC]
# Don't rewrite wellknown directory
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ [NC]
# Don't rewrite tmp directory
RewriteCond %{REQUEST_URI} !^/tmp/ [NC]
# Handle all other URIs using Zen Cart (its index.php)
RewriteRule .* /index.php [QSA,L]

## END CEON URI MAPPING REWRITE RULE

###############################################################################
# Tell mod_rewrite where this file is relative to the server document_root
###############################################################################
# Notes:
#
# This directive should only be enabled if this .htaccess file is not placed
# in the document_root (usually public_html, www, or web) of the (sub)domain.
#
# An easy way to determine the location relative to the server document_root is
# to look at the URL used to access a file in this folder. For example if you
# access a "page" in the same folder as this file by typing in the URL
# "www.mydomain.com/myfolder/index.html" then "myfolder" will be the location
# of this file relative to the server document_root.
#
# Another quick and easy way to determine the correct setting for this is to
# look at the defined value for DIR_WS_CATALOG and DIR_WS_HTTPS_CATALOG in
# Zen Cart's configure.php files. All three values should match.
#
# Don't forget the leading and trailing /. This directive requires both!
###############################################################################
#RewriteBase /home3/jimmie/public_html/

###############################################################################
# Redirect if request was for index.php (no query)
###############################################################################
# Notes:
#
# This is only required if the site generates references to index.php with no
# parameters. This rule will force a 301 redirect to the site root when a
# request is made for "/index.php" with no query terms (?key=value).
###############################################################################
# Add any custom 301 redirects#
##############################################################################
# Redirect HTTP with www to HTTPS without wwwRewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]

## 301 Redirects
###############################################################################
# Redirect if request was for index.php (with or without query)
###############################################################################
# Notes:
#
# This is a performance optimization. If the request is for index.php simply
# pass the request on and do not process any other mod_rewrite directives in
# this file.
#
# Basically this avoids the overhead of checking if index.php is a real file
# or directory (used in subsequent mod_rewrite rules) before sending the
# request to index.php.
###############################################################################


<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>

<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

<IfModule mod_headers.c>
    <FilesMatch "\.(bmp|css|flv|gif|ico|jpg|jpeg|js|pdf|png|svg|swf|tif|tiff)$">
        Header set Last-Modified "Mon, 10 Oct 2016 00:00:00 GMT"
    </FilesMatch>
</IfModule>

<ifModule mod_headers.c>
    Header set Connection keep-alive
</ifModule>

# ######################################################################
# # MEDIA TYPES AND CHARACTER ENCODINGS                                #
# ######################################################################

# ----------------------------------------------------------------------
# | Media types                                                        |
# ----------------------------------------------------------------------

# Serve resources with the proper media types (f.k.a. MIME types).
#
# https://www.iana.org/assignments/media-types/media-types.xhtml
# https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype

# ----------------------------------------------------------------------
# | Reducing MIME type security risks                                  |
# ----------------------------------------------------------------------

# Prevent some browsers from MIME-sniffing the response.
#
# This reduces exposure to drive-by download attacks and cross-origin
# data leaks, and should be left uncommented, especially if the server
# is serving user-uploaded content or content that could potentially be
# treated as executable by the browser.
#
# http://www.slideshare.net/hasegawayosuke/owasp-hasegawa
# http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
# https://msdn.microsoft.com/en-us/library/ie/gg622941.aspx
# https://mimesniff.spec.whatwg.org/

<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>

# ----------------------------------------------------------------------
# | ETags                                                              |
# ----------------------------------------------------------------------

# Remove `ETags` as resources are sent with far-future expires headers.
#
# https://developer.yahoo.com/performance/rules.html#etags
# https://tools.ietf.org/html/rfc7232#section-2.3

# `FileETag None` doesn't work in all cases.
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>

FileETag None

# ----------------------------------------------------------------------
# | Expires headers                                                    |
# ----------------------------------------------------------------------

# Serve resources with far-future expires headers.
#
# (!) If you don't control versioning with filename-based
# cache busting, you should consider lowering the cache times
# to something like one week.
#
# https://httpd.apache.org/docs/current/mod/mod_expires.html

<IfModule mod_expires.c>

    ExpiresActive on
    ExpiresDefault                                      "access plus 1 month"

  # CSS
    ExpiresByType text/css                              "access plus 1 hour"

  # Data interchange
    ExpiresByType application/atom+xml                  "access plus 1 hour"
    ExpiresByType application/rdf+xml                   "access plus 1 hour"
    ExpiresByType application/rss+xml                   "access plus 1 hour"

    ExpiresByType application/json                      "access plus 0 seconds"
    ExpiresByType application/ld+json                   "access plus 0 seconds"
    ExpiresByType application/schema+json               "access plus 0 seconds"
    ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
    ExpiresByType application/xml                       "access plus 0 seconds"
    ExpiresByType text/xml                              "access plus 0 seconds"

  # Favicon (cannot be renamed!) and cursor images
    ExpiresByType image/vnd.microsoft.icon              "access plus 1 year"
    ExpiresByType image/x-icon                          "access plus 1 year"

  # HTML
    ExpiresByType text/html                             "access plus 0 seconds"

  # JavaScript
    ExpiresByType application/javascript                "access plus 1 hour"
    ExpiresByType application/x-javascript              "access plus 1 hour"
    ExpiresByType text/javascript                       "access plus 1 hour"

  # Manifest files
    ExpiresByType application/manifest+json             "access plus 1 year"

    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
    ExpiresByType text/cache-manifest                   "access plus 0 seconds"

  # Media files
    ExpiresByType audio/ogg                             "access plus 1 month"
    ExpiresByType image/bmp                             "access plus 1 month"
    ExpiresByType image/gif                             "access plus 1 month"
    ExpiresByType image/jpeg                            "access plus 1 month"
    ExpiresByType image/png                             "access plus 1 month"
    ExpiresByType image/svg+xml                         "access plus 1 month"
    ExpiresByType image/webp                            "access plus 1 month"
    ExpiresByType video/mp4                             "access plus 1 month"
    ExpiresByType video/ogg                             "access plus 1 month"
    ExpiresByType video/webm                            "access plus 1 month"

  # Web fonts
    # Embedded OpenType (EOT)
    ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
    ExpiresByType font/eot                              "access plus 1 month"

    # OpenType
    ExpiresByType font/opentype                         "access plus 1 month"

    # TrueType
    ExpiresByType application/x-font-ttf                "access plus 1 month"

    # Web Open Font Format (WOFF) 1.0
    ExpiresByType application/font-woff                 "access plus 1 month"
    ExpiresByType application/x-font-woff               "access plus 1 month"
    ExpiresByType font/woff                             "access plus 1 month"

    # Web Open Font Format (WOFF) 2.0
    ExpiresByType application/font-woff2                "access plus 1 month"

  # Other
    ExpiresByType text/x-cross-domain-policy            "access plus 1 week"

</IfModule>

and still does not redirect https: www to https non www
clicking any other link corrects this, but if you add www to url it does not redirect

[mc12345678]

Please read before taking some additional action... if have already taken some additional action between the last post and now, please identify what the action was and do not make any additional changes associated with this issue without communicating them. Your site is functional and can be set right if given the chance to take the action(s) necessary and not do a lot of extra work...

So, still reading?

Right now there is a problem with the sequence of rewritecond/rewriterules in your htaccess file... This was pointed out previously but rejected. If you notice, you have been checking to see how your live site has been behaving regarding www to non-www... There are a set of rules in your file that cover that last part, but for some reason they are not doing what is expected...

That is until one tries to access the domain of the site in such a way that earlier rules are not processed. See, when a rewriterule is met that has tha [L] at the end, no other htaccess rewriteEngine content is processed beyond that line for this page load... its the Last line... Now again, don't go changing things all over the place to address this, you could easily make a mess of things...

Thing is, there are other places against which to test on the site to see if the desired rewrites can work. All you have to do is not have Zen Cart try to process the request by skipping the rewrites associated with Ceon URI rewriter. How? Try accessing that sitemap folder, or the mftp folder, etc... all of those are specifically excluded from being redirected to /index.php with a 301 and to stop processing the file...

If... If... If the rewrites for www to non-www, among the other rule (there are three together) were before the Ceon URI Mapping rule(s) *and* any other rewrites that do not support getting the domain name right first, then... the domain name portion may continue to be wrong/not what is desired...

So... again, move the three rules that have been added above the Ceon URI Mapping rules, ensuring that somewhere before that set of rules that the RewriteEngine is on (need that only one time in a file) and this portion of issues may be resolved. I refer back to the first paragraph though...

[jimmie]

ok moved back to the top of file and is now working correctly, site is a little faster

[Philibel]

You gained 4 secondes, an improvement of 30%. Now, it's time to address the other issues.

A good start would be adjusting your images for the slide show to their final size. Don't forget to check the file compression! I.e. I took one of the images and send them thru TinyJPG and got a claimed reduction of 53%. If you can prevented resizing the images and reduce the load size from 2+ MB to let's say 1+ MB, you'll gain speed again.

Consider also to go to your site cPanel and set communication to gzip. Modern browsers can all process site loading that way. It's like sending assembled furniture by slow 18-wheeler versus building kits by mini-van. Guess who delivers first at the top floor condo two states over without damage.

Also see the issues that the more experienced members have listed. You can start by checking your template files with the original template files for accidental rewrites. Although after taking a look at the vendor site, I fear the worst. The template was last updated after the PHP version it could maximum handle was already past end of life, even for security updates. You can't update neither PHP nor Zen Cart versions without serious rewrites in the templates. And in that case, after 20+ posts for 1 rewrite of 1 file... "I just remember I left something in the oven!" might get pandemic by itself.