Force Secure URL (HTTPS)

**sports guy** · 14 Jul 2017, 06:08 PM

I have an SSL certificate on my website here: http://www.greatwings.com/ I am trying to force HTTPS but the site shows depending on whether or not you add the additional secrutiy S or not in the URL. My current configuration does not force HTTP on the front end. I wish it would just redirect to the secure site when someone lands on the insecure page.

Please note I do have Ultimate URL's turned on. But I have followed the instructions but it still does not work.

In my file: admin> includes> configure.php I have these settings:

Code:

define('HTTP_SERVER', 'https://www.greatwings.com');

define('HTTP_CATALOG_SERVER', 'http://www.greatwings.com');
define('HTTPS_CATALOG_SERVER', 'https://www.greatwings.com');

define('ENABLE_SSL_CATALOG', 'true');

In my file: includes> configure.php I have these settings:

Code:

define('HTTP_SERVER', 'http://www.greatwings.com');
define('HTTPS_SERVER', 'https://www.greatwings.com');

define('ENABLE_SSL', 'true');

So that all seems correct right? Well the page does not redirect if you type a non-secure URL like: http://www.greatwings.com. So the issue must be in the .htaccess right? So this is my .htaccess file:

Code:

###############################################################################
# Common directives
###############################################################################
# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:

Options +FollowSymLinks
RewriteEngine on
RewriteBase /

###############################################################################
# Start Ultimate SEO URLs
###############################################################################

# Handles the new URL formats
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$4&cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$4&cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=$4&cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=$4&cPath=$2&%{QUERY_STRING} [L]

# Original (unchanged) URL formats
RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-m-([0-9]+)(.*)$ index\.php?main_page=index&manufacturers_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-ezp-([0-9]+)(.*)$ index\.php?main_page=page&id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L]

# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index\.php?main_page=$1&%{QUERY_STRING} [L]
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
<IfModule mod_suphp.c>
    suPHP_ConfigPath /opt/php70/lib
</IfModule>
RewriteCond %{HTTP_HOST} ^aviationinsignia\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.aviationinsignia\.com$
RewriteRule ^/?$ "https\:\/\/www\.greatwings\.com" [R=301,L]

Anyone see the issue here? I really need the primary site to redirect to a secure URL if someone visits from an insecure URL. Any ideas?

**Website Rob** · 14 Jul 2017, 06:47 PM

In both configure.php files, change to:

define('HTTP_SERVER', 'https://www.greatwings.com');

Admin -> Configuration -> Sessions
Cookie Domain
Force Cookie Use

- make sure they both say True

In your .htaccess file, replace

Code:

############################################################################### # Common directives ############################################################################### # NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:  Options +FollowSymLinks RewriteEngine on RewriteBase /  ############################################################################### # Start Ultimate SEO URLs ###############################################################################

with

Code:

#############################
##  General Settings

Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes
RewriteEngine ON
RewriteBase /

# Define the default Character Set for Browsers
AddDefaultCharset utf-8

# if an https URL is not used then redirect to use https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]

# regardless of whether an https URL is used,
# if a URL is used without www then redirect to an https URL that does use www
RewriteCond %{HTTP_HOST} ^greatwings.com [NC]
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]


###############################################################################
 # Start Ultimate SEO URLs ###############################################################################

The Forum script is not playing nice with this post so adjust spacing as desired.

**mc12345678** · 14 Jul 2017, 06:51 PM

So there are "multiple" issues to be addressed.

First is to consider the ZC system. With SSL_ENABLED, HTTP_SERVER is used for all pages that are not required to be SSL such as contact_us and in the checkout process. With it enabled and visiting one of those pages, ZC will use the HTTPS_SERVER on the store side.

What you are asking with regards to navigating within ZC is to always have/use SSL. Therefore you would want to modify includes/configure.php so that HTTP_SERVER has https: at the beginning of the domain name area instead of http:.

The other part that you are asking about is that no matter how one gets to your site that they are forced to https:.

Generally speaking the content within the htaccess looks like it will accomplish that, if it were properly positioned within the file.

Where it is now will not accomplish the desired task because of the redirects that are before it. The last set of "instruction" needs to be moved up above the USU added code.

This way, if one attempts access without https: they are redirected to https: and then that rule will be skipped and the remaining USU rules will apply. Then once at the site, because HTTP_SERVER has https: in it, links within ZC that are generated by zen_href_link will also have https: in them.

Beyond that, you will want to be sure that you don't have other links, including external script loads that load via http:. There are some "acceptable" but browsers are becoming ever more picky (or perhaps it is more that they have become more relaxed and just report a discrepancy regardless of the true need or affect).

**sports guy** · 15 Jul 2017, 02:27 AM

Websiterob, I updated both configure.php files to have the s. Then I modified my .htaccess to the code you provided:

Code:

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName greatwings.com

###############################################################################
# General Settings
###############################################################################
# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:

Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes
RewriteEngine ON
RewriteBase /

# Define the default Character Set for Browsers
AddDefaultCharset utf-8

# if an https URL is not used then redirect to use https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]

# regardless of whether an https URL is used,
# if a URL is used without www then redirect to an https URL that does use www
RewriteCond %{HTTP_HOST} ^greatwings.com [NC]
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]

###############################################################################
# Start Ultimate SEO URLs
###############################################################################

# Handles the new URL formats
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$4&cPath=

$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$4&cPath=$2&

%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=

$4&cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=

$4&cPath=$2&%{QUERY_STRING} [L]

# Original (unchanged) URL formats
RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-m-([0-9]+)(.*)$ index\.php?main_page=index&manufacturers_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=$2&%{QUERY_STRING} 

[L]
RewriteRule ^(.*)-ezp-([0-9]+)(.*)$ index\.php?main_page=page&id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L]

# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index\.php?main_page=$1&%{QUERY_STRING} [L]
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
<IfModule mod_suphp.c>
    suPHP_ConfigPath /opt/php70/lib
</IfModule>
RewriteCond %{HTTP_HOST} ^aviationinsignia\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.aviationinsignia\.com$
RewriteRule ^/?$ "https\:\/\/www\.greatwings\.com" [R=301,L]

The page says: 403 Forbidden. I assume its because mc12345678 mentioned this:

The last set of "instruction" needs to be moved up above the USU added code.

mc12345678 can you please show me which code needs to go where? I attempted a few moves of the lower code above the new addition but I still get a 403 forbidden error. I am a bit confused as to what part goes exactly where.

**Website Rob** · 15 Jul 2017, 02:38 AM

Remove this code as it is not needed.

Code:

<Limit GET POST> 

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

order deny,allow
 deny from all
 allow from all
</Limit> 

<Limit PUT DELETE>
order deny,allow deny from all
</Limit>

 AuthName greatwings.com

vBulletin seems to be really bad when using CODE tags--or maybe it's just me?

**sports guy** · 15 Jul 2017, 01:03 PM

OK I removed the code you mentioned. But now my homepage brings me back to the 403: Forbidden page error. Here is my coding that is causing the 403 Forbidden:

Code:

###############################################################################
# General Settings
###############################################################################
# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:

Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes
RewriteEngine ON
RewriteBase /

# Define the default Character Set for Browsers
AddDefaultCharset utf-8

# if an https URL is not used then redirect to use https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]

# regardless of whether an https URL is used,
# if a URL is used without www then redirect to an https URL that does use www
RewriteCond %{HTTP_HOST} ^greatwings.com [NC]
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]

###############################################################################
# Start Ultimate SEO URLs
###############################################################################

# Handles the new URL formats
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$4&cPath=

$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$4&cPath=$2&

%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=

$4&cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=

$4&cPath=$2&%{QUERY_STRING} [L]

# Original (unchanged) URL formats
RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-m-([0-9]+)(.*)$ index\.php?main_page=index&manufacturers_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=$2&%{QUERY_STRING} 

[L]
RewriteRule ^(.*)-ezp-([0-9]+)(.*)$ index\.php?main_page=page&id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L]

# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index\.php?main_page=$1&%{QUERY_STRING} [L]
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
<IfModule mod_suphp.c>
    suPHP_ConfigPath /opt/php70/lib
</IfModule>
RewriteCond %{HTTP_HOST} ^aviationinsignia\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.aviationinsignia\.com$
RewriteRule ^/?$ "https\:\/\/www\.greatwings\.com" [R=301,L]

**Website Rob** · 15 Jul 2017, 08:12 PM

What did you remove from your .htaccess file to make your site work?

Within your Hosting account control panel is there an error log that tells you information about the 403 error?

You could move this code:

# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:
RewriteBase /

To underneath this line:

# Start Ultimate SEO URLs
###############################################################################

And move this code

RewriteCond %{HTTP_HOST} ^aviationinsignia\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.aviationinsignia\.com$
RewriteRule ^/?$ "https\:\/\/www\.greatwings\.com" [R=301,L]

To be underneath this code:

# regardless of whether an https URL is used,
# if a URL is used without www then redirect to an https URL that does use www
RewriteCond %{HTTP_HOST} ^greatwings.com [NC]
RewriteRule ^(.*)$ https://www.greatwings.com/$1 [R=301,L]

The above changes are to just clean things up a bit and make the code easier to read / understand.