Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin SSL Question


WSFrazier

Recommended Posts

I've read other posts about securing the admin page. I have it password protected with .htaccess and apache. I also edited the congifure.php file so that all my admin section is secured with SSL. But on the index.php page under my admin, it still says at the bottom that "You are not protected by a secure SSL connection." I am pretty sure I am cause IE tells me at the bottom of the window that is is secured with that gold lock icon. Is that just a bug with OSC or am I actually not secure?

Link to comment
Share on other sites

If you type if the address of your 'admin' folder, using http and not https do you still arrive at the login for the 'admin' folder? I'm guessing that you do, which is why osCommerce tells you what it does. Download the .htaccess file from your 'admin' folder, and insert this

 

SSLRequireSSL

ErrorDocument 403 https://www.yourdomain.com/youradmin/

 

Then, delete the .htaccess file from your 'admin' folder and upload this altered one. Then, make sure that both the http and https pathways in your /catalog/admin/includes/configure.php file point to the https address.

 

When you login to your 'admin' folder now you should see "You are secured by an unknown ssl connection". It always says 'unknown', don't ask me why.

 

Vger

Link to comment
Share on other sites

For some reason, when I add SSLRequireSSL to my htaccess file, I get a 500 server error when I try to view my admin page

 

EDIT: After checking my error logs here is that happens "Invalid command 'SSLRequireSSL', perhaps mis-spelled or defined by a module not included in the server configuration"

 

My SSL is shared from my host, if that makes any difference.

Link to comment
Share on other sites

SSLRequireSSL is an Apache modssl 2.0 feature. It also seems inappropriate for this purpose to me.

 

All you need do is:

 

1. In your admin's configure.php, set HTTP_SERVER to be your https URL base.

2. Open your admin panel with the https URL.

Link to comment
Share on other sites

My SSL is shared from my host, if that makes any difference

 

No, that doesn't make any difference, except in the pathway you use for the https redirect e.g.

 

SSLRequireSSL

ErrorDocument 403 https://servername.yourhost.com/yourdomain.com/youradmin/

 

This should work on most Unix and Linux servers.

 

Odd, never known that to fail. I would suggest that you read up a little on .htaccess and put in place a straightfoard http to https redirect - but check with your host company first to find out what they support on their servers.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...