Jump to content

Archived

This topic is now archived and is closed to further replies.

grandpaj

Secure Admin

Recommended Posts

hi

 

I am having untold problems securing the Admin area thru a shared SSL am at the moment about to organize our own SSL with our hosts, and hoping that, that will fix the problem. In the meantime is this adequate security for the admin area. 1)change admin name 2) secure thru htpasswd_oscommerce. Also is it necessary to secure the admin area thru SSL, and is it normal to experience problems thru shared SSL or does it really mean we may have issues somewhere else.

We have our site secured thru shared SSL at the moment and all seems to work OK. The problems seem to arise trying to secure the admin area thru shared SSL

define('HTTP_SERVER', 'http://www.grandpas.co.nz');
  define('HTTPS_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', '/');
  define('HTTPS_COOKIE_DOMAIN', '/');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('HTTP_CATALOG_SERVER', 'http://www.grandpas.co.nz');
  define('HTTPS_CATALOG_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');
  define('ENABLE_SSL_CATALOG', 'true');
  define('DIR_FS_DOCUMENT_ROOT', '/home/grandp/public_html/BS234ORG/');
  define('DIR_WS_ADMIN', '/BS234ORG/ADMIN/');
  define('DIR_WS_HTTPS_ADMIN', '/BS234ORG/ADMIN/');
  define('DIR_FS_ADMIN', '/home/grandp/public_html//BS234ORG/ADMIN/');
  define('DIR_WS_CATALOG', '/BS234ORG/');
  define('DIR_WS_HTTPS_CATALOG', '/BS234ORG/');
  define('DIR_FS_CATALOG', '/home/grandp/public_html/BS234ORG/');

I have also played around with various code in

 

define('HTTP_COOKIE_DOMAIN', '/');
  define('HTTPS_COOKIE_DOMAIN', '/');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');

 

Any constructive comments greatly appreciated. Have been trying to sort this for a very long time.

 

Cheers

 

Grandpa

Share this post


Link to post
Share on other sites

When using a shared ssl for the admin, the url's have to be for the shared ssl. You are using a non-secure url to the main domain. You also have double slashes in the DIR_FS_ADMIN definition.

Share this post


Link to post
Share on other sites

@@Jack_mcs

 

Hi Jack

 

Thank you so much for your help Ive changed to the following, but still not correct.

I really don't understand all this stuff.Would I be better to wait until the SSL cert is installed, although I'm not to sure whether that will change anything or give me more headaches.

define('HTTP_SERVER', 'https://skyhawk.mysecure.co.nz');
  define('HTTPS_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', '/');
  define('HTTPS_COOKIE_DOMAIN', '/');
  define('HTTP_COOKIE_PATH', '/grandp/BS234ORG');
  define('HTTPS_COOKIE_PATH', '/grandp/BS234ORG');
  define('HTTP_CATALOG_SERVER', 'https://skyhawk.mysecure.co.nz');
  define('HTTPS_CATALOG_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');
  define('ENABLE_SSL_CATALOG', 'true');

With the above changes I get the following

 

,The requested page requires authentication:

    skyhawk.mysecure.co.nz/~grandp/My1275MiniV3/index.php (port 443)

Please forward this error screen to skyhawk.mysecure.co.nz's WebMaster.

 

Maybe getting close. Look forward to your comments

 

Kind regards

 

Grandpa

Share this post


Link to post
Share on other sites

@@Jack_mcs

Hi Jack

 

Have been trying more have this code

 define('HTTP_SERVER', 'http://www.skyhawk.mysecure.co.nz');
  define('HTTPS_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', 'skyhawk.mysecure.co.nz');
  define('HTTPS_COOKIE_DOMAIN', 'skyhawk.mysecure.co.nz');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('HTTP_CATALOG_SERVER', 'http://www.skyhawk.mysecure.co.nz');
  define('HTTPS_CATALOG_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');
  define('ENABLE_SSL_CATALOG', 'true');
  define('DIR_FS_DOCUMENT_ROOT', '/home/grandp/public_html/BS234ORG/');
  define('DIR_WS_ADMIN', '/BS234ORG/ADMIN/');
  define('DIR_WS_HTTPS_ADMIN', '/BS234ORG/ADMIN/');
  define('DIR_FS_ADMIN', '/home/grandp/public_html/BS234ORG/ADMIN/');

And now get

 

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.

 

Im getting well over it, as I really don't have a clue as to what to try next. Many thanks for any help

 

Kind regards

 

Grandpa

Share this post


Link to post
Share on other sites

Can you see the difference?

 define('HTTP_SERVER', 'http://www.skyhawk.mysecure.co.nz');
 define('HTTPS_SERVER', 'https://www.skyhawk.mysecure.co.nz/~grandp');

If you open a browser and paste each of the url's into it, do they both display your shop?

Share this post


Link to post
Share on other sites

@@Jack_mcs

 

Hi Jack

 

Many thanks. At the moment just getting our own SSL Cert installed by web host. No doubt I'll be back soon as nothing ever seems go smoothly for me.

 

Cheers

Share this post


Link to post
Share on other sites

@@grandpa
Using this forum is new to me. I don't know anything about coding and at 71, I don't really want to learn but for at least another year, I need to keep two websites continue to work well. 
Both sites are OS Commerce but one of the sites is a very old (2007). I need to terminate a webmaster but I can't remember how to change the Password on my Admin Panel. I used to know how to change it but my memory has failed me. Can anyone guide me to the right place, to change the password for the Admin Panel? I don't

know if I need to pay for this help or not but I would be very grateful for your help.

Ann
PS. At my age, I don't do Tweets and seldom use FB, so social networking isn't my forte.

 

Share this post


Link to post
Share on other sites

×