Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

The SSL In OsCommerce Guide For The Innocent


Simplyeasier

Recommended Posts

We recently got the SSL installed on one of our website : www.bongsnbongs.com

 

but we keep on getting the error that the site contains both secure and insecure links after I click on any product which comes in HTTPS url as there are some HTTP links also .

 

I recently checked another good Oscommerce website http://www.mrgadget.com.au/catalog/

and for SSL which comes after Checkout it goes to

 

https://secure.mrgadget.com.au

 

Also NOTE that the error for secure and insecure links do not come even in IE although the links on this website have both HTTP and HTTPS .

 

My Query is :

1) they have the SSL to "secure.mrgadget.com.au" and not to "www.mrgadget.com.au" . Is it better to have the SSL like thi instaed of the complete URL

2) Why this website do not have secure and insecure prompt though if you check the source it has both HTTP and HTTPS links

3) How to enable SSL only on CHECKOUT

4) How is it possible that they have all the product and category links to HTTP even if they are in HTTPS domain

 

Any inputs from you is appreiciated

Double post. Follow ->here

Link to comment
Share on other sites

  • 2 weeks later...
  • Replies 401
  • Created
  • Last Reply

"You configured HTTP(80) on the standard HTTPS(443) port!" on /var/log/httpd/error_log and blank page when accessing www.mydomain.com

 

Hello everyone, I was trying to install SSL certificate for a week now, with no success.

 

My Server info:

Linux Distro: Fedora 10 2.6.27.12-170.2.5.fc10.i686

HTTP Server: Apache/2.2.11 (Fedora)

PHP Version: 5.2.9 (Zend: 2.2.0)

OpenSSL support enabled

OpenSSL Version OpenSSL 0.9.8g

 

I'm my own hosting and have only one domain in one linux box with 1 interface, 1 public IP address and no virtual domains.

Hostname is "web" so certificate was issued to web.mydomain.com

httpd.conf and ssl.conf have both a line "ServerName www.mydomain.com"

 

Now, after uncommenting "SSLEngine on" in ssl.conf file, making necesary changes in /includes/configure.php and /admin/includes/configure.php and restarting httpd service:

 

[root@web conf.d]# service httpd restart

 

Stopping httpd: [ OK ]

Starting httpd:

Apache/2.2.11 mod_ssl/2.2.11 (Pass Phrase Dialog)

Some of your private key files are encrypted for security reasons.

In order to read them you have to provide the pass phrases.

 

Server www.mydomain.com:443 (RSA)

Enter pass phrase:

 

OK: Pass Phrase Dialog successful.

[ OK ]

 

Everything looks good so far, but I get:

 

"You configured HTTP(80) on the standard HTTPS(443) port!" on error_log and blank page when accessing www.mydomain.com

 

 

Any clue on what i am missing??

 

Thank you all for reading

Link to comment
Share on other sites

  • 3 weeks later...

Hi All, I have read through every post in this Section, and for the life of me cannot find an answer to my problem.

 

I've been trying to get my SSL connection to work within the admin area, but it seem to fall in a heap. None of the images (icons display)

 

I have checked the configure file in the admin/includes directory.

 

 $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2002 osCommerce

 Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
 define('HTTP_SERVER', 'http://www.affordablett.com.au'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.affordablett.com.au');
 define('HTTPS_CATALOG_SERVER', 'https://www.affordablett.com.au/~affordab/');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/affordab/public_html/shop/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/shop/admin/');
 define('DIR_FS_ADMIN', '/home/affordab/public_html/shop/admin/');
 define('DIR_WS_CATALOG', '/shop/');
 define('DIR_FS_CATALOG', '/home/affordab/public_html/shop/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
 define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // secure webserver for admin
 define('ENABLE_SSL', 'false');	// enable SSL for customers/orders viewing
// define our database connection
 define('DB_SERVER', '');
 define('DB_SERVER_USERNAME', 'xxxxxxxxx');
 define('DB_SERVER_PASSWORD', 'xxxxxxxxx');
 define('DB_DATABASE', 'xxxxxxxxxxxx');
 define('USE_PCONNECT', 'true');
 define('STORE_SESSIONS', '');

 

I have obviosly changed the line define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing to true and even tried 1, but no icons will display.

can someone point me in the right direction.

 

I have got the SSL to work correctly in the shop site. Except for the images being unsecured - not sure if they matter anyway.

 

your help would be apprecated.

 

Thanks in advance.

Link to comment
Share on other sites

Hi All, I have read through every post in this Section, and for the life of me cannot find an answer to my problem.

 

I've been trying to get my SSL connection to work within the admin area, but it seem to fall in a heap. None of the images (icons display)

 

I have checked the configure file in the admin/includes directory.

 

 $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2002 osCommerce

 Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
 define('HTTP_SERVER', 'http://www.affordablett.com.au'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.affordablett.com.au');
 define('HTTPS_CATALOG_SERVER', 'https://www.affordablett.com.au/~affordab/');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/affordab/public_html/shop/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/shop/admin/');
 define('DIR_FS_ADMIN', '/home/affordab/public_html/shop/admin/');
 define('DIR_WS_CATALOG', '/shop/');
 define('DIR_FS_CATALOG', '/home/affordab/public_html/shop/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
 define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // secure webserver for admin
 define('ENABLE_SSL', 'false');	// enable SSL for customers/orders viewing
// define our database connection
 define('DB_SERVER', '');
 define('DB_SERVER_USERNAME', 'xxxxxxxxx');
 define('DB_SERVER_PASSWORD', 'xxxxxxxxx');
 define('DB_DATABASE', 'xxxxxxxxxxxx');
 define('USE_PCONNECT', 'true');
 define('STORE_SESSIONS', '');

 

I have obviosly changed the line define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing to true and even tried 1, but no icons will display.

can someone point me in the right direction.

 

I have got the SSL to work correctly in the shop site. Except for the images being unsecured - not sure if they matter anyway.

 

your help would be apprecated.

 

Thanks in advance.

Looks to me like the store isn't getting the cue from the server that SSL is on.

 

SSL Help

 

SSL Help support thread

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Looks to me like the store isn't getting the cue from the server that SSL is on.

 

SSL Help

 

SSL Help support thread

Thanks for having a look. How would I go about fixing this, and how come the Shop site works properly.

 

I have run your PHP Files and this is what I get.

 

myenv.php  Version 1.2

SSL Variables

HTTP HOST: [www.affordablett.com.au]

Server Port: [443]

SSL Status: [on]

Fowarded Server: [undefined!]

Fowarded Host: [undefined!]

Fowarded By: [undefined!]

$_SERVER['HTTPS']: [on]

Load: 2

myenv.php  Version 1.2

NONSSL Variables

HTTP HOST: [www.affordablett.com.au]

Server Port: [80]

SSL Status: [undefined!]

Fowarded Server: [undefined!]

Fowarded Host: [undefined!]

Fowarded By: [undefined!]

$_SERVER['HTTPS']: [undefined!]

Load: 1

cfgchk.php  Version 1.2

local config file found!
Processing it first...

File Permissions: 0644



Processing normal config file...

File Permissions: 0444

Found HTTPS_SERVER:

define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // eg, https://localhost - should not be empty for productive servers

HTTPS URL passed check!

Found ENABLE_SSL.

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

SSL enable passed check!

Found HTTPS_COOKIE_DOMAIN:

define('HTTPS_COOKIE_DOMAIN', 'https://www.affordablett.com.au/~affordab');

HTTPS_COOKIE_DOMAIN line parsed!



Parsing application_top.php for SSL detection key...

Found SSL detection key:

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';



Done!

Link to comment
Share on other sites

The Shop ISN'T working properly.

 

Examining the HTML source on a HTTPS page reveals:

 

<base href="http://www.affordablett.com.au/shop/">

This code:

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

Needs to be this:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Or this:

 

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

Or this:

 

// set the type of request (secure or not)
 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

 

And this:

 

define('HTTPS_COOKIE_DOMAIN', 'https://www.affordablett.com.au/~affordab');

should be:

 

define('HTTPS_COOKIE_DOMAIN', 'www.affordablett.com.au');

 

or

 

define('HTTPS_COOKIE_DOMAIN', '.affordablett.com.au');

 

Thanks for having a look. How would I go about fixing this, and how come the Shop site works properly.

 

I have run your PHP Files and this is what I get.

 

myenv.php  Version 1.2

SSL Variables

HTTP HOST: [www.affordablett.com.au]

Server Port: [443]

SSL Status: [on]

Fowarded Server: [undefined!]

Fowarded Host: [undefined!]

Fowarded By: [undefined!]

$_SERVER['HTTPS']: [on]

Load: 2

myenv.php  Version 1.2

NONSSL Variables

HTTP HOST: [www.affordablett.com.au]

Server Port: [80]

SSL Status: [undefined!]

Fowarded Server: [undefined!]

Fowarded Host: [undefined!]

Fowarded By: [undefined!]

$_SERVER['HTTPS']: [undefined!]

Load: 1

cfgchk.php  Version 1.2

local config file found!
Processing it first...

File Permissions: 0644



Processing normal config file...

File Permissions: 0444

Found HTTPS_SERVER:

define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // eg, https://localhost - should not be empty for productive servers

HTTPS URL passed check!

Found ENABLE_SSL.

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

SSL enable passed check!

Found HTTPS_COOKIE_DOMAIN:

define('HTTPS_COOKIE_DOMAIN', 'https://www.affordablett.com.au/~affordab');

HTTPS_COOKIE_DOMAIN line parsed!



Parsing application_top.php for SSL detection key...

Found SSL detection key:

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';



Done!

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Thank you once again for looking at the code.

 

When I implememnt your suggestions, especially this one thats found in application_top.php

 

Needs to be this:

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';


Or this:

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';


Or this:

// set the type of request (secure or not)
 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

 

The Login page displays with no image's

 

login with no images

 

When I change it back to this

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';
// set php_self in the local scope
 if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

 

The image's display correctly.

 

I am stumped.

Link to comment
Share on other sites

Thank you once again for looking at the code.

 

When I implememnt your suggestions, especially this one thats found in application_top.php

 

Needs to be this:

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';


Or this:

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';


Or this:

// set the type of request (secure or not)
 $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

 

The Login page displays with no image's

 

login with no images

 

When I change it back to this

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';
// set php_self in the local scope
 if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

 

The image's display correctly.

 

I am stumped.

Whatever you have now is working.

 

The store now recognizes that SSL is on.

 

In the SSL support thread I linked you to, look towards the end at the exchange between Eternal Howl and myself.

 

She had the exact same problem.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Whatever you have now is working.

 

The store now recognizes that SSL is on.

 

In the SSL support thread I linked you to, look towards the end at the exchange between Eternal Howl and myself.

 

She had the exact same problem.

 

When you go to the login page, it is displayed without image's

 

Login Page

Link to comment
Share on other sites

When you go to the login page, it is displayed without image's

 

Login Page

Did you do what I asked you to do?

:unsure:

 

The store code is working as it should.

 

Something on the server is messing you up.

 

Could be a .htaccess file in the /images folder or maybe something to do with "hotlink protection" in your cPanel.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Did you do what I asked you to do?

:unsure:

 

The store code is working as it should.

 

Something on the server is messing you up.

 

Could be a .htaccess file in the /images folder or maybe something to do with "hotlink protection" in your cPanel.

I tried to find the replies as you suggested, but my eye's dont seem to be working correctly today.

 

I did turn off Hotlink Protection, and the image's seem to be displayed Correctly.

Hopefully this has fixed the problems. Thankyou very very much for you time and help in this matter. :)

Link to comment
Share on other sites

Who would have thought that Hotlink Protection enabeled in cPanel, whould cause so many problems. Hopefully this helps a few more members as well.

 

Now for the Million dollar question.

 

Is there any way to make SSL's and Hotlink protection work together?

Link to comment
Share on other sites

Who would have thought that Hotlink Protection enabeled in cPanel, whould cause so many problems. Hopefully this helps a few more members as well.

 

Now for the Million dollar question.

 

Is there any way to make SSL's and Hotlink protection work together?

I've never been on a server where this was part of the cPanel.

 

Is there a place where you can enter your SSL URL so it will be OK to access the images?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I've never been on a server where this was part of the cPanel.

 

Is there a place where you can enter your SSL URL so it will be OK to access the images?

:unsure:

 

The Linux cPanel Server has a Hotlink Tab.

I added the https://mysite.com to the allowed referers and now all is OK.

 

Thanks once again for all your help.

Link to comment
Share on other sites

Who would have thought that Hotlink Protection enabeled in cPanel, whould cause so many problems. Hopefully this helps a few more members as well.

 

Now for the Million dollar question.

 

Is there any way to make SSL's and Hotlink protection work together?

If you don't mind I'd like the $1,000,000.00 in twenties....

;)

 

:lol:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

hi there,

 

i have a problem with my application top file, my ssl would load up the encrypted pages but would not direct any of the images to https address giving me unsecure item errors in browsers.

 

i corrected this by changeing the line in the application_top.php

 

 

from this:

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

to this:

 

// set the type of request (secure or not)

$request_type = ($_SERVER['HTTP_HOST'] == 'mysite.co.uk') ? 'SSL' : 'NONSSL';

 

 

and my includes/configure.php file looks like this:

 

define('HTTP_SERVER', 'http://www.mysite.co.uk');

define('HTTPS_SERVER', 'https://mysite.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'mysite.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk');

 

 

 

can you tell me if this is a good workaround for the problem? or is there another solution?

 

thanks in advanced

 

dan

Link to comment
Share on other sites

  • 2 months later...
  • 1 year later...

Here goes

 

I got the ssl sort of working, but i coundnt get the images to show, so i changed my configure files again,again and again and now cant get the ssl working at all unless i manually put in https://www.ragstobags.co.uk and even then the wrong images appear or not being the case.

 

heres my code inlcludes/configure = i havent added the bottom bit

 

define('HTTP_SERVER', 'http://www.ragstobags.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.ragstobags.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.ragstobags.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'www.ragstobags.co.uk');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

 

 

admin/includes/configure

 

define('HTTP_SERVER', 'http://www.ragstobags.co.uk'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.ragstobags.co.uk');

define('HTTPS_CATALOG_SERVER', 'https://www.ragstobags.co.uk');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/xxxxxxxx/public_html'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/xxxxxx/');

define('DIR_FS_ADMIN', '/home/xxxxxxxx/public_html/');

define('DIR_WS_CATALOG', '/');

define('DIR_FS_CATALOG', '/home/xxxxxxxx/public_html/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', 'backups/');

 

 

 

hopefully someone will look at this and point me in the write direction

 

Regards

Teresa :(

Link to comment
Share on other sites

i have now changed a few things in 2 conf files

 

includes/config

define('HTTP_SERVER', 'http://www.ragstobags.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.ragstobags.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.ragstobags.co.uk');

define('HTTPS_COOKIE_DOMAIN', '.ragstobags.co.uk');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

admin/includes/config

 

define('HTTP_SERVER', 'https://www.ragstobags.co.uk'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'https://www.ragstobags.co.uk');

define('HTTPS_CATALOG_SERVER', 'https://www.ragstobags.co.uk');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/xxxxxxx/public_html'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/xxxxxxx/');

define('DIR_FS_ADMIN', '/home/xxxxxx/public_html/');

define('DIR_WS_CATALOG', '/');

define('DIR_FS_CATALOG', '/home/xxxxxx/public_html/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', 'backups/');

 

how i had it before i couldnt get https to work (i still cant)

but i changed the details in the admin section and now have images in admin and its https secure

 

all i need help with now is getting https working on website

 

please help

 

teresa

Link to comment
Share on other sites

If you add an item to the cart then "checkout" it goes HTTPS.

 

My guess is the links on the home page that are supposed to be "secure" aren't coded correctly to use SSL if avaialble.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

i am so confused i been at this for hours, when i put in www.ragstobags.co.uk i get my page when i add product to cart i have a broken link, the other thing when i use hot linking in cpanel at the moment its disabled the above happens. Ive tried changing every option now its broke,

 

please can you help

 

teresa

Link to comment
Share on other sites

here we go agian

 

i have added the htaccess file back, so now the product link is working, i see what you mean that you can add the a product and in checkout it goes to https but the images arent loading properly.

 

When you say links on the home page that are supposed to be "secure" aren't coded correctly to use SSL if avaialble, does this mean my hosting company hasnt set it up right, i have bought a dedicated ssl and they told me it was working

 

could the problem be with the htaccess here is the file

 

# Begin Ultimate SEO V2.2d

Options +FollowSymLinks

RewriteEngine On

 

# RewriteBase instructions

# Change RewriteBase dependent on how your shop is accessed as below.

# http://www.mysite.com = RewriteBase /

# http://www.mysite.com/catalog/ = RewriteBase /catalog/

# http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/

 

# Change the following line using the instructions above

 

RewriteBase /

 

RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pi-(.*).html$ popup_image.php?pID=$2&%{QUERY_STRING}

RewriteRule ^(.*)-by-(.*).html$ all-products.php?fl=$2&%{QUERY_STRING}

RewriteRule ^(.*)-t-(.*).html$ articles.php?tPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-a-(.*).html$ article_info.php?articles_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-au-(.*).html$ articles.php?authors_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pr-(.*).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pri-(.*).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-f-(.*).html$ faqdesk_info.php?faqdesk_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-fc-(.*).html$ faqdesk_index.php?faqPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-fri-(.*).html$ faqdesk_reviews_info.php?faqdesk_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-fra-(.*).html$ faqdesk_reviews_article.php?faqdesk_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-i-(.*).html$ information.php?info_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-links-(.*).html$ links.php?lPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pm-([0-9]+).html$ info_pages.php?pages_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-n-(.*).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-nc-(.*).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-nri-(.*).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-nra-(.*).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-po-([0-9]+).html$ pollbooth.php?pollid=$2&%{QUERY_STRING}

# End Ultimate SEO V2.2d

 

# Deny domain access to spammers and other scumbags

 

RewriteEngine on

 

php_flag register_globals off

 

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots

 

Deny from env=block_bad_bots

 

 

# Redirect index.php to domain.com

 

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/

 

RewriteRule ^index\.php$ http://www.ragstobags.co.uk/ [R=301,L]

 

 

 

 

# Redirect domain.com to www.domain.com

 

RewriteCond %{HTTP_HOST} ^ragstobags.co.uk [NC]

 

RewriteRule ^(.*)$ http://www.ragstobags.co.uk/$1 [L,R=301]

 

 

 

 

 

RewriteBase /

# filter for most common exploits

 

RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]

 

RewriteCond %{QUERY_STRING} tool25 [OR]

 

RewriteCond %{QUERY_STRING} cmd.txt [OR]

 

RewriteCond %{QUERY_STRING} cmd.gif [OR]

 

RewriteCond %{QUERY_STRING} r57shell [OR]

 

RewriteCond %{QUERY_STRING} c99 [OR]

 

 

 

 

# ban spam bots

 

RewriteCond %{HTTP_USER_AGENT} almaden [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^attach [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^DA [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]

 

RewriteCond %{HTTP_USER_AGENT} email [NC,OR]

 

RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]

 

RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]

 

RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]

 

RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]

 

RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]

 

RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]

 

RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^likse [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Link [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Website [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]

 

RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]

 

RewriteCond %{HTTP_USER_AGENT} ^Zeus

 

RewriteRule ^.* - [F,L]

 

RewriteCond %{HTTP_REFERER} ^http://www.ragstobags.co.uk$

 

RewriteRule !^http://[^/.]\.ragstobags.co.uk.* - [F,L]

 

 

# stop hotlinking (gif/jpg) and serve alternate content

I have included an image for you to upload, please note if you use your images out side of your server (like linked into EBAY) you cannot use this.

 

<IfModule mod_rewrite.c>

 

RewriteEngine on

 

RewriteCond %{HTTP_REFERER} !^$

 

RewriteCond %{HTTP_REFERER} !^http://(www\.)?ragstobags\.co.uk/.*$ [NC]

 

RewriteRule .*\.(gif|jpg)$ http://www.ragstobags.co.uk/images/stolen.gif [R,NC,L]

 

</ifModule>

 

 

BAN IP NUMBERS, ALL OF TURKEY

 

 

 

<Limit GET PUT POST>

 

order allow,deny

 

# ban domains

 

deny from .br.geocities.com

 

# ban entire country ~ Turkey

 

deny from 62.29.0.0/17

 

deny from 62.56.128.0/22

 

deny from 62.85.128.0/19

 

deny from 62.108.64.0/19

 

deny from 62.113.0.0/19

 

deny from 62.184.58.0/27

 

deny from 62.185.166.64/26

 

deny from 62.184.178.96/29

 

deny from 62.186.77.0/26

 

deny from 62.201.192.0/18

 

deny from 62.229.128.0/24

 

deny from 62.229.130.0/24

 

deny from 62.244.192.0/18

 

deny from 62.248.0.0/17

 

deny from 64.18.138.0/24

 

deny from 64.28.128.0/20

 

deny from 65.182.7.0/24

 

deny from 66.178.5.0/24

 

deny from 66.178.52.0/24

 

deny from 66.205.36.0/22

 

deny from 69.30.204.0/23

 

deny from 80.71.128.0/20

 

deny from 80.88.138.224/27

 

deny from 80.88.141.160/27

 

deny from 80.251.0.0/20

 

deny from 80.251.32.0/20

 

deny from 81.6.64.0/18

 

deny from 81.8.0.0/17

 

deny from 81.21.160.0/20

 

deny from 81.22.97.0/24

 

deny from 81.31.193.224/29

 

deny from 81.31.195.112/29

 

deny from 81.31.195.136/29

 

deny from 81.31.195.216/30

 

deny from 81.31.196.172/30

 

deny from 81.31.197.16/29

 

deny from 81.31.197.64/30

 

deny from 81.31.197.128/30

 

deny from 81.31.198.152/29

 

deny from 81.31.198.216/29

 

deny from 81.31.199.72/29

 

deny from 81.31.199.140/30

 

deny from 81.31.199.160/29

 

deny from 81.31.200.64/29

 

deny from 81.31.200.76/30

 

deny from 81.212.0.0/14

 

deny from 82.145.224.0/19

 

deny from 82.151.128.0/19

 

deny from 82.222.0.0/16

 

deny from 83.66.0.0/16

 

deny from 83.166.48.0/28

 

deny from 84.11.37.192/26

 

deny from 84.17.64.0/19

 

deny from 84.44.0.0/17

 

deny from 84.51.0.0/18

 

deny from 85.96.0.0/12

 

deny from 85.153.0.0/16

 

deny from 85.158.96.0/21

 

deny from 85.159.64.0/21

 

deny from 85.235.64.0/24

 

deny from 86.108.128.0/17

 

Deny from 88.240.0.0/16

 

deny from 139.179.0.0/16

 

deny from 144.122.0.0/16

 

deny from 155.223.0.0/16

 

deny from 160.75.0.0/16

 

deny from 161.9.0.0/16

 

deny from 168.139.0.0/16

 

deny from 192.70.133.0/23

 

deny from 192.129.87.0/24

 

deny from 192.160.21.0/24

 

deny from 193.23.156.0/24

 

deny from 193.25.124.0/23

 

deny from 193.41.2.0/23

 

deny from 193.42.216.0/24

 

deny from 193.95.0.0/17

 

deny from 193.108.213.0/24

 

deny from 193.109.134.0/23

 

deny from 193.110.170.0/23

 

deny from 193.110.208.0/21

 

deny from 193.140.0.0/16

 

deny from 193.178.218.0/24

 

deny from 193.188.198.0/23

 

deny from 193.192.96.0/19

 

deny from 193.201.149.192/26

 

deny from 193.201.157.0/25

 

deny from 193.218.113.0/24

 

deny from 193.218.200.0/24

 

deny from 193.219.208.0/30

 

deny from 193.220.68.0/24

 

deny from 193.243.192.0/19

 

deny from 193.254.228.0/23

 

deny from 193.254.252.0/23

 

deny from 193.255.0.0/16

 

deny from 194.9.174.0/24

 

deny from 194.24.224.0/23

 

deny from 194.27.0.0/16

 

deny from 194.29.208.0/21

 

deny from 194.54.32.0/19

 

deny from 194.67.205.0/23

 

deny from 194.69.206.0/24

 

deny from 194.117.97.172/30

 

deny from 194.117.110.80/28

 

deny from 194.117.113.72/30

 

deny from 194.117.114.4/30

 

deny from 194.117.118.40/30

 

deny from 194.117.119.4/32

 

deny from 194.117.119.18/32

 

deny from 194.117.119.20/32

 

deny from 194.117.119.22/32

 

deny from 194.117.119.24/32

 

deny from 194.117.119.27/32

 

deny from 194.117.119.34/32

 

deny from 194.117.119.53/32

 

deny from 194.117.119.55/32

 

deny from 194.117.119.58/32

 

deny from 194.117.119.61/32

 

deny from 194.117.119.73/32

 

deny from 194.117.119.76/32

 

deny from 194.117.119.80/32

 

deny from 194.117.119.86/32

 

deny from 194.117.119.93/31

 

deny from 194.117.119.96/32

 

deny from 194.117.119.99/31

 

deny from 194.117.119.108/32

 

deny from 194.117.120.15/32

 

deny from 194.117.120.114/32

 

deny from 194.117.120.233/32

 

deny from 194.117.121.30/32

 

deny from 194.117.121.70/32

 

deny from 194.117.121.96/32

 

deny from 194.117.121.101/32

 

deny from 194.117.121.168/32

 

deny from 194.117.121.192/31

 

deny from 194.117.121.217/32

 

deny from 194.125.232.0/22

 

deny from 194.126.230.0/24

 

deny from 194.133.65.0/24

 

deny from 194.133.160.0/20

 

deny from 194.133.240.0/23

 

deny from 194.133.251.0/24

 

deny from 194.133.253.0/28

 

deny from 194.133.255.0/24

 

deny from 194.242.32.0/24

 

deny from 195.8.109.0/24

 

deny from 195.33.192.0/18

 

deny from 195.39.224.0/23

 

deny from 195.46.128.0/19

 

deny from 195.49.216.0/21

 

deny from 195.64.128.0/18

 

deny from 195.74.32.0/19

 

deny from 195.75.202.0/26

 

deny from 195.75.202.128/25

 

deny from 195.75.222.0/28

 

deny from 195.75.222.24/29

 

deny from 195.75.222.160/27

 

deny from 195.75.236.0/28

 

deny from 195.75.236.96/29

 

deny from 195.75.236.112/28

 

deny from 195.75.238.0/25

 

deny from 195.79.199.192/29

 

deny from 195.79.204.192/27

 

deny from 195.85.242.0/24

 

deny from 195.85.255.0/24

 

deny from 195.87.0.0/16

 

deny from 195.112.128.0/19

 

deny from 195.112.160.16/30

 

deny from 195.112.166.12/30

 

deny from 195.112.166.52/30

 

deny from 195.112.166.60/30

 

deny from 195.112.166.68/29

 

deny from 195.112.166.80/30

 

deny from 195.128.32.0/21

 

deny from 195.128.254.0/23

 

deny from 195.137.222.0/23

 

deny from 195.140.196.0/22

 

deny from 195.142.0.0/16

 

deny from 195.149.85.0/24

 

deny from 195.149.116.0/24

 

deny from 195.155.0.0/16

 

deny from 195.174.0.0/15

 

deny from 195.177.206.0/23

 

deny from 195.177.230.0/23

 

deny from 195.183.236.192/26

 

deny from 195.212.230.0/24

 

deny from 195.212.244.8/29

 

deny from 195.213.69.144/28

 

deny from 195.214.128.0/18

 

deny from 195.234.165.0/24

 

deny from 195.242.122.0/23

 

deny from 195.244.32.0/19

 

deny from 195.245.227.0/24

 

deny from 195.254.128.0/19

 

deny from 196.3.132.0/20

 

deny from 196.29.64.0/19

 

deny from 196.32.32.0/19

 

deny from 196.203.0.0/16

 

deny from 199.89.210.0/24

 

deny from 200.3.176.0/21

 

deny from 200.9.216.0/24

 

deny from 200.108.0.0/19

 

deny from 201.238.64.0/18

 

deny from 209.94.192.0/19

 

deny from 212.2.192.0/19

 

deny from 212.12.128.0/19

 

deny from 212.15.0.0/19

 

deny from 212.21.197.240/29

 

deny from 212.29.64.0/18

 

deny from 212.31.0.0/19

 

deny from 212.33.0.0/19

 

deny from 212.45.64.0/19

 

deny from 212.48.224.0/19

 

deny from 212.50.32.0/19

 

deny from 212.57.0.0/19

 

deny from 212.58.0.0/19

 

deny from 212.63.170.168/30

 

deny from 212.63.172.212/30

 

deny from 212.63.172.224/30

 

deny from 212.63.180.0/30

 

deny from 212.63.180.8/30

 

deny from 212.63.180.16/30

 

deny from 212.63.180.28/30

 

deny from 212.63.180.40/29

 

deny from 212.63.180.56/30

 

deny from 212.63.180.68/30

 

deny from 212.63.180.84/30

 

deny from 212.63.180.92/30

 

deny from 212.63.180.108/29

 

deny from 212.63.180.120/29

 

deny from 212.63.180.200/30

 

deny from 212.64.192.0/19

 

deny from 212.65.128.0/19

 

deny from 212.79.96.0/22

 

deny from 212.79.122.0/23

 

deny from 212.98.0.0/19

 

deny from 212.98.192.0/18

 

deny from 212.101.96.0/19

 

deny from 212.108.128.0/19

 

deny from 212.109.96.0/19

 

deny from 212.109.224.0/19

 

deny from 212.115.0.0/19

 

deny from 212.125.0.0/19

 

deny from 212.127.96.0/19

 

deny from 212.133.128.0/17

 

deny from 212.146.128.0/17

 

deny from 212.154.0.0/17

 

deny from 212.156.0.0/16

 

deny from 212.174.0.0/15

 

deny from 212.252.0.0/15

 

deny from 213.14.0.0/16

 

deny from 213.31.190.48/28

 

deny from 213.31.223.144/28

 

deny from 213.43.0.0/16

 

deny from 213.62.14.64/26

 

deny from 213.62.40.192/26

 

deny from 213.74.0.0/16

 

deny from 213.138.0.0/19

 

deny from 213.139.192.0/18

 

deny from 213.143.224.0/19

 

deny from 213.144.96.0/19

 

deny from 213.148.64.0/19

 

deny from 213.150.160.0/19

 

deny from 213.153.128.0/17

 

deny from 213.155.96.0/19

 

deny from 213.159.32.0/19

 

deny from 213.161.128.0/19

 

deny from 213.181.38.192/26

 

deny from 213.186.128.0/19

 

deny from 213.194.64.0/18

 

deny from 213.202.0.0/19

 

deny from 213.204.64.0/18

 

deny from 213.208.3.192/29

 

deny from 213.208.39.0/24

 

deny from 213.209.169.144/29

 

deny from 213.232.0.0/18

 

deny from 213.236.32.0/19

 

deny from 213.238.128.0/18

 

deny from 213.243.0.0/18

 

deny from 213.248.128.0/18

 

deny from 213.254.128.0/19

 

deny from 216.139.188.192/27

 

deny from 217.17.144.0/20

 

deny from 217.21.68.0/22

 

deny from 217.23.110.96/27

 

deny from 217.31.224.0/19

 

deny from 217.64.144.0/20

 

deny from 217.64.208.0/20

 

deny from 217.68.208.0/20

 

deny from 217.77.241.113/32

 

deny from 217.77.241.218/32

 

deny from 217.77.242.169/32

 

deny from 217.77.246.192/30

 

deny from 217.131.0.0/16

 

deny from 217.138.38.248/29

 

deny from 217.169.192.0/20

 

deny from 217.173.157.128/28

 

deny from 217.173.157.192/27

 

deny from 217.173.158.64/27

 

deny from 217.174.32.0/20

 

deny from 217.174.224.0/20

 

deny from 217.194.135.160/28

 

deny from 217.195.192.0/20

 

# Ban a few extra ips

 

deny from 81.169.137.114

 

deny from 74.53.46.98

 

deny from 75.126.134.16

 

deny from 203.194.159.159

 

deny from 203.196.161.116

 

deny from 201.72.166.36

 

deny from 212.65.64.19

 

deny from 212.12.114.142

 

deny from 212.241.213.57

 

deny from 219.95.39.53

 

deny from 209.200.253.165

 

deny from 201.72.166.36

 

deny from 213.203.223.25

 

deny from 66.249.67.86

 

deny from 200.140.15.3

 

deny from 83.11.204.75

 

deny from 83.11.202.74

 

deny from 83.11.241.28

 

deny from 83.240.152.23

 

deny from 83.217.84.73

 

deny from 83.145.82.134

 

deny from 85.108.245.115

 

deny from 61.222.92.150

 

deny from 24.83.72.98

 

deny from 59.94.170.4

 

allow from all

 

</Limit>

 

 

# deny most common except .php

 

<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">

 

deny from all

 

</FilesMatch>

 

 

# Disable .htaccess viewing from browser

 

<Files ~ "^\.ht">

 

Order allow,deny

 

Deny from all

 

Satisfy All

 

</Files>

 

 

# Disable access to config.php

 

<Files ~ "includes\configure.php$">

 

deny from all

 

</Files>

 

 

FORCE TYPE

 

<Files site>

 

ForceType application/x-httpd-php

 

</Files>

 

 

Thank you for your repsonse, i do appricate it

 

Teresa

Link to comment
Share on other sites

this is what i found in my index page

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

would this need changing,

 

Teresa

Link to comment
Share on other sites

  • 1 year later...

Reviving this old thread because I would like to enable force cookies but can't because the customer is redirected to the cookie_usage.php page.

 

I realise that this has been covered quite extensively in this thread, however the solutions given do not solve the issue (At least for me!).

 

Earlier in the thread in a post added a few years ago, @@AlanR created a file called myenv.php to enable us to be able to see our server environment in order to affect changes to application_top.php here:- http://www.oscommerce.com/forums/topic/151162-the-ssl-in-oscommerce-guide-for-the-innocent/page__st__60#entry713688 - its going back a bit.

 

In my case the relevant server response was 'on' therefore theoretically I would not need to change application_top.php. I did attempt the other suggested options but was unable to get a better result.

 

The shop has a unique SSL certifcate, not a shared one (Which I believe would usually trigger the cookie_usage response).

 

This is the relevant part of my config file:-

 

define('HTTP_SERVER', 'http://www.mysite.com');

define('HTTPS_SERVER', 'https://www.mysite.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'http://www.mysite.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.mysite.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

The shop is currently working perfectly but the reason that I would like to shift from having the session ID in the url to forcing cookie usage is because Google is listing the same content multiple times and as such may down-rate the site. So it's not mission critical as such but is very much a nice to have.

Link to comment
Share on other sites

define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...