Time to get secure (if you haven't already)

[MrPhil 648]

The first rewrite should force HTTPS if it was an HTTP request. Note that I usually see !on rather than off -- try that if yours doesn't work. In the second rewrite, the check for HTTPS on is probably redundant, as you've already forced HTTPS. You might be able to remove that line. For clarity, if nothing else, put a space between $1 and the [R=.

[♥John W 118]

@@MrPhil

You're right in that the second check for HTTPS is redundant.  I removed it and tested and it works fine.

[♥John W 118]

@@grandpaj

Just to follow up.  You do know you have to make changes in config also to go full SSL, correct?  Also, do a lot of testing to make sure you don't have any issues.  For me, Thanksgiving is a good day to do stuff because no one is on my site.  Probably not as much a factor in NZ though :)

[grandpaj 25]

@@John W

 

Hi John

 

I have the following in my config file (shop)

 

define('HTTP_SERVER', 'https://www.grunas.co.nz');    (URL changed for forum only)
  define('HTTPS_SERVER', 'https://www.grunas.co.nz');
  define('ENABLE_SSL', true);

 

As far as testing, Ive clicked around logging in, shopping cart etc

Seems to work OK.

 

Look forward to your comments

 

and .htaccess

 

RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

[♥John W 118]

If you have a sitemap, check that and make sure it's creating https.  I have one that runs dailey and I had to run it to check.  Also, make sure your Adwords and anything like that you have is pointing to https pages now also. 

[grandpaj 25]

@@John W

 

Hi John

 

Sitemap shows URL as https, at the moment I don't have any Adwords maybe I should search info about these and "get some".

 

Another good earthquake here in NZ a few hours ago, all good where we live, at the moment.

 

Cheers

 

John

[♥John W 118]

Hey @@grandpaj,

 

I just clicked the URL in your member screen and it did not redirect me to https.  Do you have your .htaccess redirects active now, or just testing.  When I click on your home on your page it does go SSL.

 

If you haven't done Adwords, then I can talk to my rep about getting you a promo with some free ads.  I don't know if they still do it but it's happened before.  I've used it since 2003.  We can talk more on a dedicated thread, but Adwords pays off.

[MrPhil 648]

 

RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

 

Um, why the check for on in the first line? You would want !on or off there. Otherwise it won't change HTTP to HTTPS.

[grandpaj 25]

@@MrPhil

 

Hi Phil

 

This is what I have

 

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

 

If I change line 1 to "on" and delete line 3. Site dissapears

 

If I just use

RewriteCond %{HTTPS} !on
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Site is all good

 

So now Im completely confused.

 

@@John W

Hi John

 

Somehow I had deactivated the redirect now hopefully should all work. Here's hopeing. Should I pm you re adwords.

 

Cheers

Grandpa

[♥Dan Cole 546]

Should I pm you re adwords.

 

How about a thread on it...I would love to know how to make Adwords work....I've tried it several times and the only one making money from my efforts was Google.

 

Dan

[grandpaj 25]

 

How about a thread on it...I would love to know how to make Adwords work....I've tried it several times and the only one making money from my efforts was Google.

 

Dan

 

Agreed, will wait for JohnW's reply.

 

Cheers

Grandpa

[♥John W 118]

@@Dan Cole @@grandpaj

 

I'm no expert on Adwords but in recent months I've got it running better.  We can start a thread on it, but i'm not the best at long detailed explantions and I'm still tweaking.  Adwords seems to continuously grow in complexity and capabilities.  I'll try to gather some thoughts and start a thread, but if one of you wants to get it going first I'm sure as a group we can help each other. 

[MrPhil 648]

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} on

RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]

RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

OK, that looks good, although the line 3 is redundant (it should always be HTTPS after lines 1 and 2).

 

If I change line 1 to "on" and delete line 3. Site dissapears

Why in the world did you do that? That would only rewrite the URL (line 2, to change http to https) if the protocol was already HTTPS! In other words it would loop indefinitely (and the site would disappear -- probably a 500 error). Line 1 could be changed to !on (notice the bang), or possibly !^on.

 

If I just use

RewriteCond %{HTTPS} !on

 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I assume you're just talking about the first two lines, and not removing the www add. As discussed above, !on should be correct. You want to redirect the request to HTTPS only if it's currently HTTP (not 'on').

[grandpaj 25]

@@MrPhil

 

Hi Phil

 

Ended up with this, hopefully all now correct, (if I have understood your previous posts correctly)

 

 

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

 

Many thanks

Grandpa

[ArtcoInc 364]

On my site, I'm using this ...

RewriteEngine on

#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#Then, rewrite to /catalog
RewriteCond %{REQUEST_URI} !^/catalog [NC]
RewriteRule ^(.*)$ /catalog/$1 [L]

#Now, rewrite to HTTPS:
#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

(no, I'm not running the whole site under the SSL yet, so there are only two redirects ... one to add the www. , the other to redirect to the /catalog directory)

 

However, GTMETRIX is giving me an F grade for Avoid landing page redirects

 

Avoid landing page redirects for the following chain of redirected URLs.

• http://glovesforglassblowers.com/
• http://glovesforglassblowers.com/catalog/
• http://www.glovesforglassblowers.com/catalog/

 

And, I am afraid that adding the additional redirect to to the HTTPS will make thing worse.

 

Can someone write a way to combine:

1) add WWW.

2) add HTTPS

3) redirect to /catalog

 

all in one redirect?

 

TIA !

 

Malcolm

[♥John W 118]

Hey @@ArtcoInc,

 

Maybe now is a good time to think about moving your catalog to your root directory.  What do you think?  You can rewrite anyone that goes to your /catalog/  directory easily. 

[MrPhil 648]

Try to avoid moving your store to the root. It's better under /catalog or /store, as 1) you don't clutter up your site root files with store stuff, 2) you won't interfere with any other applications you want to install (having to go through osC's .htaccess, for example), 3) your store is neatly partitioned away from everything else and can be removed, changed, or upgraded without fear of breaking something else on your site, and 4) all those SE indexes and user bookmarks to /catalog won't break.

 

It's certainly possible to set up your rewrite rules with extra conditions (multiple RewriteConds) so that you don't have more than one redirect. It's not ideal to have multiple 301 redirects for a given query.

if HTTPS and is www and is /catalog (three RewriteConds)  [do nothing]
if HTTP and is www and is /catalog
  redirect to https:// 301
if HTTPS and non-www and is /catalog
  redirect to www  301
if HTTPS and www and is non /catalog
  redirect to /catalog  200
...etc...

[Omar_one 149]

Hello,

 

I have paid SSL and I changed the configure.php files and .htaccess

 

here is the catalog configure.php

  define('HTTP_SERVER', 'http://www.mysite.com');
  define('HTTPS_SERVER', 'https://www.mysite.com');
  define('ENABLE_SSL', 'true');
  define('HTTP_COOKIE_DOMAIN', '.www.mysite.com');
  define('HTTPS_COOKIE_DOMAIN', '.www.mysite.com');

and here admin configure.php

  define('HTTP_SERVER', 'https://www.mysite.com');
  define('HTTP_CATALOG_SERVER', 'https://www.mysite.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');
  define('ENABLE_SSL_CATALOG', 'true');

and here is .htaccess

# If you are getting errors you may need to comment this out like ..
# Options +FollowSymLinks
#Options +SymLinksIfOwnerMatch
<IfModule mod_rewrite.c>
  RewriteEngine On

  # RewriteBase instructions
  # Change RewriteBase dependent on how your shop is accessed as below.
  # http://www.mysite.com = RewriteBase /
  # http://www.mysite.com/catalog/ = RewriteBase /catalog/ 
  # http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/

  # Change RewriteBase using the instructions above  
  RewriteBase / 
  RewriteRule ^([a-z0-9-/]+)-p-([0-9]+).html$ product_info.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-c-([0-9_]+).html$ index.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-m-([0-9]+).html$ index.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-pi-([0-9]+).html$ popup_image.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-pr-([0-9]+).html$ product_reviews.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-pri-([0-9]+).html$ product_reviews_info.php [NC,L,QSA]
  # Articles contribution
  RewriteRule ^([a-z0-9-/]+)-t-([0-9_]+).html$ articles.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-au-([0-9]+).html$ articles.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-a-([0-9]+).html$ article_info.php [NC,L,QSA]
  # Information pages
  RewriteRule ^([a-z0-9-/]+)-i-([0-9]+).html$ information.php [NC,L,QSA]
  # Links contribution
  RewriteRule ^([a-z0-9-/]+)-links-([0-9_]+).html$ links.php [NC,L,QSA]
  # Newsdesk contribution
  RewriteRule ^([a-z0-9-/]+)-n-([0-9]+).html$ newsdesk_info.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-nc-([0-9]+).html$ newsdesk_index.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-nri-([0-9]+).html$ newsdesk_reviews_info.php [NC,L,QSA]
  RewriteRule ^([a-z0-9-/]+)-nra-([0-9]+).html$ newsdesk_reviews_article.php [NC,L,QSA]
</IfModule>
  

  RewriteCond %{HTTPS} !on
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

and when i open my site it show that

 

 

[♥Dan Cole 546]

@@Omar_one  Sounds like you have an image call or something on the page that isn't secure....try posting your url here...

 

https://www.whynopadlock.com/

 

Dan

[♥John W 118]

@@Omar_one

the first line of your catalog config needs to point to https if you want to make your whole site SSL.

[Omar_one 149]

Thank you @@Dan Cole

here is what I got :

1. Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol.
Server certificate.

2.Insecure URL: http://www.mysite.com/favicon.ico
Found ...... I can't found it there.

3. Insecure URL: http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
Found

[Omar_one 149]

I fixed  (force Script over SSL)

3. Insecure URL: http://ajax.googleap...2/jquery.min.js
Found

by replace 

 <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

with this

<cfoutput>
            <script src="http#( ( cgi.https IS 'on' ) ? 's' : '' )#://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
   
</cfoutput>

Or you can simply drop the protocol, i.e. "http", from the URL and the browser will use whatever the current request happens to be using:

  <script src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

[♥Dan Cole 546]

@@Omar_one  For the favicon.ico.  Try adding one to your root directory.

 

Dan

[Omar_one 149]

@@Dan Cole still same problem

[♥John W 118]

Move your favicon into your image folder and put a link to it in your template_top like this

  <link rel="shortcut icon" href="/images/favicon.ico">