Jump to content
Latest News: (loading..)
frankl

Time to get secure (if you haven't already)

Recommended Posts

Hi Steve,

It's in catalog/includes/modules/boxes/bm_manufacturers.php in my bootstrap test shop :

            $manufacturers_list .= '<li><a href="' . tep_href_link('index.php', 'manufacturers_id=' . $manufacturers['manufacturers_id']) . '">' . $manufacturers_name . '</a></li>';

I think that we have the same activity LOL.


Live   : OsC 2.2, php 5.4 & UTF-8  |  Local : OsC 234BS php7.2 Edge for future shop

Share this post


Link to post
Share on other sites

I have seen that bit of code, but cannot see where it is making the link http rather than https. The configure file does not contain any http they were all changed to https.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

updated my letsencryot certs with the dev version of acmephp, beta release failed to update on my system


KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since i coded my responsive version earlier, but i have bought every 28d of code package to support burts effort and keep this forum alive (albeit more like on life support).

So if you are still here ? What are you waiting for ?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" |grep "line" |sort | uniq -c | sort -r > counterrors.txt

Share this post


Link to post
Share on other sites

Ok, I have moved to https.... Because I have a bunch of addon domains I had to rejig the .htacess a bit. Here is what I have settled with

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(mywebsite)\.com$ [NC]
RewriteRule ^ https://www.%1.com%{REQUEST_URI} [R=302,L,NE] 

RewriteCond %{HTTP_HOST} ^mywebsite.com [NC]
RewriteRule ^(.*)$ http://www.mywebsite\.com/$1 [L,R=301]

All the redirects seem to be working... I have set up a new property on webmaster tools, verified it and ran new site maps... tested and uploaded them.

 

Also updated all by FB and google ads (although the should be re-redirecting anyway).

Share this post


Link to post
Share on other sites

Why is http: -> https: only a 302 (temporarily relocated) rather than 301 (permanently relocated)?

 

Why do you have your "add www." only going to http:? If someone gives https://mywebsite.com, it will end up going to http://www.mywebsite.com. And you may need R=301,L rather than L,R=301 (I've heard that the order of flags is important).


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

@@greasemonkey @@MrPhil

 

I have an old testing area xyz.domain.com that needs to be redirected to https - but i can not figure out how to do it. Rest of redirects to https are working okay.

 

http://xyz.domain.com needs to redirect to https://www.domain.com - I came up with

RewriteCond %{HTTP_HOST} ^xyz\.
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

Obviously this is not wotking - Any thoughts?

 

Thanks! Arjan

Edited by azpro

Share this post


Link to post
Share on other sites

What is "not working"? Your redirection should redirect http: or https://xyz.domain.com to https://www.domain.com, but will not redirect http://www.domain.com. @@ecommunlimited's redirection looks like it should work.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

@@ecommunlimited @@MrPhil

 

Thanks for the hints! I will test it tonight and will give feedback - hence ask for further directions..

 

 

What is "not working"?

 

That was indeed very vague :D  .. It was allready very late in the night .... The SSL move took longer than I expected but so far so good!

 

All important redirects work as far as I can see. But it took a fair amount of time to get rid of some smaller issues (EG embedded video - make the right changes in Google Search Console - Redirects of Payment Service Provider - Some sloppy programming issues from years ago - etc.etc) ...

 

So for those of you who want to migrate to SSL .. do not under-estimate the amaount of work involved.

 

Thanks again!

 

Arjan

Share this post


Link to post
Share on other sites

It occurs to me that if putting the entire site under SSL is going to be such a good idea (and osC goes to that as the standard architecture*), it would be a good time to combine a lot of the catalog and admin code. For instance, osC could use one common configure.php, and eliminate all the (near) duplicate files, such as admin's copy of html_output.php**. A longer term project would be to remove the SSL flag from tep_href_link() etc. since it will be ignored, and merging all the HTTP_* and HTTPS_* stuff, further simplifying and speeding up the code. What think? If the "admin" subtree is going to be kept under password control, does that cause problems with references to the common libraries (e.g., html_output)? If it does, is there still a good reason to keep admin under (server) password control, if a good osC-level ID/password is implemented?

 

* Would anyone NOT want to run osC under SSL? Every browser supports SSL, but it's still an extra-cost item on the server side.

** Many of these support files have diverged over time, and will have to be reconciled.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

Hi there

in the process of changing site to https all seems under control

 

Just looking for clarification about adding to the Google Search Console.

Do I create a whole new property or just update the http to https in the search console.

 

"Add the HTTPS property to Search Console"

 

Many thanks Doug:->

Share this post


Link to post
Share on other sites

I added the https as a totally new property. I think I read somewhere that that was the best thing to do.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

Thank-you...

How has the swap gone for you.

So did you notice traffic on the old property disappear and then appear on the new property and did you need to change tracking code etc

Share this post


Link to post
Share on other sites

The swap to full https went relatively easy. I did have a problem with Chrome and a certificate warning but with the usual help from this forum I got it sorted. I also added a redirect to the htaccess file to make sure that all old links pointing to the site were changed to https. The xml_sitemap addon made creating new xml sitemaps a real breeze and it was easy to submit them to all the search engines.

 

I have not noticed any real difference in traffic to the site, but have a few customers comment about the change, all good I hasten to add. I did send a customer newsletter out to let people know of the change and that they should update all of their saved links to the site.

 

I think its more about how customers see your site and its security rather than gaining any benefits in the searches.

 

When I created a new property with google, it did take time for the data to be filled but that was expected. When checking the old and new data there is very little difference between the two mainly I suppose because of the redirects.

 

I hope the swap goes as easily for you as it did for me.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

@@14steve14

 

Just been reading up and yes you are right Google recommends adding as a new property... but then

 

How do you then manage the tracking code as a new property creates a new tracking id etc

 

Do you somehow have 2 tracking codes in the google code or am I missing something?

 

(do you just drop the old tracking and add the new property code?)

 

Doug

 

we posted the same time (great to hear it all went well for you)

Edited by douglaswalker

Share this post


Link to post
Share on other sites

All I seem to remember doing was when logged into my webmaster tools account I clicked the ADD NEW PROPERTY button up in the top right corner and it did what ever google does and just added a new link.

 

Nothing more complicated than that as far as I can remember


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

Login to your google account if you have one. Starting from my google dashboard page I click on webmaster tools, then click on Manage my sites and then in the top right corner click on add a property.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

Hi thanks for your help

I am able to create a new property but in doing that I get another property id in the analytics code

 

So does that mean to get the tracking for the new https version I need to change the id in the analytics code?

 

and also re-verify the site.

Share this post


Link to post
Share on other sites

 

@@Dan Cole it show me secure connection..

until I still have the error  on https://www.whynopadlock.com/


Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol

Hi if you have vps cloud like a Debian or Ubuntu Change in /etc/apache2/mods-available/ssl.conf  the line referent to ssl

SSLProtocol all= (all protocols)  change for this SSLProtocol all -SSLv3 -SSLv2

No external links here, thank you

Share this post


Link to post
Share on other sites

Hi there

I have the below to redirect from http to https. All is fine but I have just noticed an issue

 

if I type just   mydomain.com.au into the address bar I get a page not found and this

 

https://www.mydomain.com.au/%5bR=301,L%5d

 

or if i type https://mydomain.com.au I get this

 

https://www.mydomain.com.au/%5bR=301,L%5d

 

 

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]

 
 
All help appreciated
Doug

Share this post


Link to post
Share on other sites

Did you check how google look the page?

 

I have on htaccess:

 

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1[R=301,L]
 
and if try on search console google view:
 
 
so add ?products_id=65122
 
maybe some problem with SEO and 301 redirect on htaccess?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×