pafranklin Posted April 27, 2018 Share Posted April 27, 2018 Hi, With news, rumors and articles suggesting that Google is starting to de-rank sites that are not HTTPS across the entire site I just want to double check how I do this. I currently have an SSL in place so is it simply a question of amending the 2 configure.php files on the admin and frontend? Any pointers would be very gratefully received! Paul You will never learn if you don't try. And boy am I trying....! Link to comment Share on other sites More sharing options...
♥raiwa Posted April 27, 2018 Share Posted April 27, 2018 https://www.oscommerce.com/forums/topic/412720-shop-redirect-htaccess/?tab=comments#comment-1767803 About Me: http://www.oscommerce.com/forums/user/249059-raiwa/ Need help? How To Get The Help You Need Is your version of osC up to date? You'll find the latest osC community version CE Phoenix here. Public Phoenix Change Log Cheat Set on Google Sheets Link to comment Share on other sites More sharing options...
MrPhil Posted April 28, 2018 Share Posted April 28, 2018 Two things to do: Change the two configure.php files to use https everywhere, rather than both http and https. You want all your site internal links to be https. Check for incoming http requests (such as old bookmarks and search engine entries) and redirect them to https (in .htaccess or similar) with a 301 status. You want to inform all visitors that the site is now https, especially search engines. Link to comment Share on other sites More sharing options...
Jack_mcs Posted April 28, 2018 Share Posted April 28, 2018 You will need more than just redirecting from http to https to do it correctly. See this post. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
pafranklin Posted April 28, 2018 Author Share Posted April 28, 2018 Thank you all for the comments. When I made the changes to the catalog/includes/configure file when the site went to checkout the pages lost all CSS, images and layout (as enclosed). Is this because I still need to make the changs to .htaccess? Thanks in advance. Paul You will never learn if you don't try. And boy am I trying....! Link to comment Share on other sites More sharing options...
MrPhil Posted April 28, 2018 Share Posted April 28, 2018 Have you either cleared your browser cache or done a hard refresh (Ctrl-F5)? You might be looking at an old page that's still trying to pull up http: files that no longer exist. Link to comment Share on other sites More sharing options...
gassko Posted January 12, 2019 Share Posted January 12, 2019 On 4/28/2018 at 1:46 PM, pafranklin said: Thank you all for the comments. When I made the changes to the catalog/includes/configure file when the site went to checkout the pages lost all CSS, images and layout (as enclosed). Is this because I still need to make the changs to .htaccess? Thanks in advance. Paul Hey, I have same problem. How did you fix it? Tx, Gasper Link to comment Share on other sites More sharing options...
ArtcoInc Posted January 12, 2019 Share Posted January 12, 2019 @gassko This does not look like a redirect problem. Post both of your configure.php files (there are two: one in /catalog/includes/, and the other in /catalog/<your admin directory name>/includes/). Be sure to edit our personal information, especially your database name, database admin user name, and database admin password. M Link to comment Share on other sites More sharing options...
gassko Posted January 14, 2019 Share Posted January 14, 2019 On 1/12/2019 at 10:43 PM, ArtcoInc said: @gassko This does not look like a redirect problem. Post both of your configure.php files (there are two: one in /catalog/includes/, and the other in /catalog/<your admin directory name>/includes/). Be sure to edit our personal information, especially your database name, database admin user name, and database admin password. M Hey Artcolnc, I have missed configure file in admin directory. Fixed it. Thanks!!! Link to comment Share on other sites More sharing options...
gassko Posted January 16, 2019 Share Posted January 16, 2019 I still dont have secure connection. Any idea why? I have also set up .htaccess redirect and now I cannot access adim site. RewriteEngine On RewriteCond %{HTTP_HOST} ^www.datalogger-shop.eu RewriteRule ^(.*)$ https://www.datalogger-shop.eu/shop/$1 [R=301,L] Please advise. Tx G Link to comment Share on other sites More sharing options...
♥JcMagpie Posted January 16, 2019 Share Posted January 16, 2019 You have mixed content on your site. Use browser inspect tool to see it. Edit the relavent files and replace http: with https: Link to comment Share on other sites More sharing options...
♥JcMagpie Posted January 16, 2019 Share Posted January 16, 2019 1 hour ago, gassko said: I have also set up .htaccess redirect and now I cannot access adim site. Sorry for second point you need to check and make sure your admin config seeting match your redirect. Or try stock redirect. RewriteEngine On RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\. [NC] # this makes it a permanent redirect RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Link to comment Share on other sites More sharing options...
MrPhil Posted January 16, 2019 Share Posted January 16, 2019 This redirect will not work correctly. If the incoming URL is http://domain.com..., it will rewrite to https://domain.com..., when the OP wants https://www.domain.com... Or, if the incoming URL is https://www.domain.com, it will redirect to... https://www.domain.com...! (probably a 500 error loop) This is why you never use HTTP_HOST in the rewrite -- you always hard code the domain name (with or without the www, as the version you are trying to use). %{HTTP_HOST} is not some canonical form. It is what the visitor typed in as the address, and could have (at a minimum) www or be missing it. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted January 16, 2019 Share Posted January 16, 2019 1 hour ago, gassko said: I still dont have secure connection. Any idea why? You are using a custom template which is calling many of it's resources from http: sites. You can either go back to the person you got the template and ask for an update to a SSL version or edit all the files to replace http with https and if they all have https alternatives ( and they probably will) you should be fine. Link to comment Share on other sites More sharing options...
gassko Posted January 17, 2019 Share Posted January 17, 2019 14 hours ago, MrPhil said: This redirect will not work correctly. If the incoming URL is http://domain.com..., it will rewrite to https://domain.com..., when the OP wants https://www.domain.com... Or, if the incoming URL is https://www.domain.com, it will redirect to... https://www.domain.com...! (probably a 500 error loop) This is why you never use HTTP_HOST in the rewrite -- you always hard code the domain name (with or without the www, as the version you are trying to use). %{HTTP_HOST} is not some canonical form. It is what the visitor typed in as the address, and could have (at a minimum) www or be missing it. Thank you for answer. What redirect should I use then? Before SSL I had: RewriteEngine On RewriteCond %{HTTP_HOST} ^datalogger-shop.eu RewriteRule (.*) http://www.datalogger-shop.eu/shop/$1 [R=301,L] and I could normaly access admin page, now I cant. Link to comment Share on other sites More sharing options...
gassko Posted January 17, 2019 Share Posted January 17, 2019 14 hours ago, JcMagpie said: You are using a custom template which is calling many of it's resources from http: sites. You can either go back to the person you got the template and ask for an update to a SSL version or edit all the files to replace http with https and if they all have https alternatives ( and they probably will) you should be fine. Thank you for answer. Unfortunatly person who got me template and was doing all the hard work on my oscommerce shop has passed away. I will try and change all files with http to https. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted January 17, 2019 Share Posted January 17, 2019 Instructions courtesy of one of the internets largest hosting companys! I think they know what they are talking about, as allways your free to take other advice. If in any doubt talk to your hosting company and they will be in best place to advise you. Redirect All Web Traffic To force all web traffic to use HTTPS, add the following lines of code in the .htaccess file in your website's root folder. RewriteEngine On RewriteCond %{HTTPS} !on RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Redirect Only Specified Domain To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder: RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] If this doesn't work, try removing the first two lines RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] Redirect Specified Folder If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder: RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L] NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted January 17, 2019 Share Posted January 17, 2019 1 hour ago, gassko said: Unfortunatly person who got me template and was doing all the hard work on my oscommerce shop has passed away. If you need help there are some very good developers on this forum that i'm sure would be able to help you with this. Otherwise just post or pm if the info is sensative if you need more help. Link to comment Share on other sites More sharing options...
MrPhil Posted January 17, 2019 Share Posted January 17, 2019 7 hours ago, gassko said: RewriteEngine On RewriteCond %{HTTP_HOST} ^datalogger-shop.eu RewriteRule (.*) http://www.datalogger-shop.eu/shop/$1 [R=301,L] I would try RewriteEngine On RewriteCond %{HTTPS} !on [OR] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.datalogger-shop.eu/shop/$1 [R=301,L] This should change http: to https: and add www. to the domain name if it's missing. Sometimes %{HTTPS} acts a little weird, and you may need to test =off or 0 instead of !on. Your host should know for sure. Also, sometimes they add a couple lines to exclude some SSL identification stuff. Link to comment Share on other sites More sharing options...
gassko Posted January 18, 2019 Share Posted January 18, 2019 Again, thank you both, I have now weekend to test and try all. G Link to comment Share on other sites More sharing options...
Guest Posted February 1, 2019 Share Posted February 1, 2019 Apache RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Nginx server { listen 80; server_name your-site.com www.your-site.com; return 301 https://your-site.com$request_uri; } Links removed. Link to comment Share on other sites More sharing options...
MrPhil Posted February 1, 2019 Share Posted February 1, 2019 Note that using %{HTTP_HOST} in the rewrite rule means that you can't change www. to non-www or vice-versa. You would need a separate rewrite for that, which means two 301 round trips, which means Google will ding you.. %{HTTP_HOST} is whatever the visitor typed in for the address, not some canonical form with or without www. My recommendation is to hard code your domain name (as desired with or without www.) in the rewrite rule, to avoid such problems. Also, you can use $1 instead of %{REQUEST_URI} -- just less typing. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.