Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Time to get secure (if you haven't already)


frankl

Recommended Posts

Hi Steve,

It's in catalog/includes/modules/boxes/bm_manufacturers.php in my bootstrap test shop :

            $manufacturers_list .= '<li><a href="' . tep_href_link('index.php', 'manufacturers_id=' . $manufacturers['manufacturers_id']) . '">' . $manufacturers_name . '</a></li>';

I think that we have the same activity LOL.

with OsC 2.2 since 2006 ...

Link to comment
Share on other sites

  • Replies 140
  • Created
  • Last Reply

updated my letsencryot certs with the dev version of acmephp, beta release failed to update on my system

KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since i coded my responsive version earlier, but i have bought every 28d of code package to support burts effort and keep this forum alive (albeit more like on life support).

So if you are still here ? What are you waiting for ?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" |grep "line" |sort | uniq -c | sort -r > counterrors.txt

Link to comment
Share on other sites

Ok, I have moved to https.... Because I have a bunch of addon domains I had to rejig the .htacess a bit. Here is what I have settled with

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(mywebsite)\.com$ [NC]
RewriteRule ^ https://www.%1.com%{REQUEST_URI} [R=302,L,NE] 

RewriteCond %{HTTP_HOST} ^mywebsite.com [NC]
RewriteRule ^(.*)$ http://www.mywebsite\.com/$1 [L,R=301]

All the redirects seem to be working... I have set up a new property on webmaster tools, verified it and ran new site maps... tested and uploaded them.

 

Also updated all by FB and google ads (although the should be re-redirecting anyway).

Link to comment
Share on other sites

Why is http: -> https: only a 302 (temporarily relocated) rather than 301 (permanently relocated)?

 

Why do you have your "add www." only going to http:? If someone gives https://mywebsite.com, it will end up going to http://www.mywebsite.com. And you may need R=301,L rather than L,R=301 (I've heard that the order of flags is important).

Link to comment
Share on other sites

Here we go.... thank you @@MrPhil for pointing out the error/s...

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(mywebsite)\.com$ [NC]
RewriteRule ^ https://www.%1.com%{REQUEST_URI} [R=301,L,NE] 

RewriteCond %{HTTP_HOST} ^mywebsite.com [NC]
RewriteRule ^(.*)$ https://www.mywebsite\.com/$1 [L,R=301]
Link to comment
Share on other sites

  • 2 weeks later...

@@greasemonkey @@MrPhil

 

I have an old testing area xyz.domain.com that needs to be redirected to https - but i can not figure out how to do it. Rest of redirects to https are working okay.

 

http://xyz.domain.com needs to redirect to https://www.domain.com - I came up with

RewriteCond %{HTTP_HOST} ^xyz\.
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

Obviously this is not wotking - Any thoughts?

 

Thanks! Arjan

Link to comment
Share on other sites

@@ecommunlimited @@MrPhil

 

Thanks for the hints! I will test it tonight and will give feedback - hence ask for further directions..

 

 

What is "not working"?

 

That was indeed very vague :D  .. It was allready very late in the night .... The SSL move took longer than I expected but so far so good!

 

All important redirects work as far as I can see. But it took a fair amount of time to get rid of some smaller issues (EG embedded video - make the right changes in Google Search Console - Redirects of Payment Service Provider - Some sloppy programming issues from years ago - etc.etc) ...

 

So for those of you who want to migrate to SSL .. do not under-estimate the amaount of work involved.

 

Thanks again!

 

Arjan

Link to comment
Share on other sites

It occurs to me that if putting the entire site under SSL is going to be such a good idea (and osC goes to that as the standard architecture*), it would be a good time to combine a lot of the catalog and admin code. For instance, osC could use one common configure.php, and eliminate all the (near) duplicate files, such as admin's copy of html_output.php**. A longer term project would be to remove the SSL flag from tep_href_link() etc. since it will be ignored, and merging all the HTTP_* and HTTPS_* stuff, further simplifying and speeding up the code. What think? If the "admin" subtree is going to be kept under password control, does that cause problems with references to the common libraries (e.g., html_output)? If it does, is there still a good reason to keep admin under (server) password control, if a good osC-level ID/password is implemented?

 

* Would anyone NOT want to run osC under SSL? Every browser supports SSL, but it's still an extra-cost item on the server side.

** Many of these support files have diverged over time, and will have to be reconciled.

Link to comment
Share on other sites

  • 3 weeks later...

Hi there

in the process of changing site to https all seems under control

 

Just looking for clarification about adding to the Google Search Console.

Do I create a whole new property or just update the http to https in the search console.

 

"Add the HTTPS property to Search Console"

 

Many thanks Doug:->

Link to comment
Share on other sites

The swap to full https went relatively easy. I did have a problem with Chrome and a certificate warning but with the usual help from this forum I got it sorted. I also added a redirect to the htaccess file to make sure that all old links pointing to the site were changed to https. The xml_sitemap addon made creating new xml sitemaps a real breeze and it was easy to submit them to all the search engines.

 

I have not noticed any real difference in traffic to the site, but have a few customers comment about the change, all good I hasten to add. I did send a customer newsletter out to let people know of the change and that they should update all of their saved links to the site.

 

I think its more about how customers see your site and its security rather than gaining any benefits in the searches.

 

When I created a new property with google, it did take time for the data to be filled but that was expected. When checking the old and new data there is very little difference between the two mainly I suppose because of the redirects.

 

I hope the swap goes as easily for you as it did for me.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

@@14steve14

 

Just been reading up and yes you are right Google recommends adding as a new property... but then

 

How do you then manage the tracking code as a new property creates a new tracking id etc

 

Do you somehow have 2 tracking codes in the google code or am I missing something?

 

(do you just drop the old tracking and add the new property code?)

 

Doug

 

we posted the same time (great to hear it all went well for you)

Link to comment
Share on other sites

All I seem to remember doing was when logged into my webmaster tools account I clicked the ADD NEW PROPERTY button up in the top right corner and it did what ever google does and just added a new link.

 

Nothing more complicated than that as far as I can remember

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

Login to your google account if you have one. Starting from my google dashboard page I click on webmaster tools, then click on Manage my sites and then in the top right corner click on add a property.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

Hi thanks for your help

I am able to create a new property but in doing that I get another property id in the analytics code

 

So does that mean to get the tracking for the new https version I need to change the id in the analytics code?

 

and also re-verify the site.

Link to comment
Share on other sites

 

@@Dan Cole it show me secure connection..

until I still have the error  on https://www.whynopadlock.com/


Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol

Hi if you have vps cloud like a Debian or Ubuntu Change in /etc/apache2/mods-available/ssl.conf  the line referent to ssl

SSLProtocol all= (all protocols)  change for this SSLProtocol all -SSLv3 -SSLv2

No external links here, thank you

Link to comment
Share on other sites

  • 2 weeks later...

Hi there

I have the below to redirect from http to https. All is fine but I have just noticed an issue

 

if I type just   mydomain.com.au into the address bar I get a page not found and this

 

https://www.mydomain.com.au/%5bR=301,L%5d

 

or if i type https://mydomain.com.au I get this

 

https://www.mydomain.com.au/%5bR=301,L%5d

 

 

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

 
 
All help appreciated
Doug
Link to comment
Share on other sites

  • 2 weeks later...

Did you check how google look the page?

 

I have on htaccess:

 

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]
 
and if try on search console google view:
 
 
so add ?products_id=65122
 
maybe some problem with SEO and 301 redirect on htaccess?
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...