Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Using .htacces and .htpasswd with a shared SSL


Jewelie

Recommended Posts

Hi everyone!

 

Thanks in advance to anyone who can help. I am a newbie, so please be patient.

 

I have a shared SSL with my ISP. I have figured out how to change configure.php and the SSL is working fine everywhere on my site.

 

Now I am trying to secure my admin pages using .htaccess and .htpasswd. It works when I try to access the admin page using the non-secure http:// address, but when I try the shared SSL https:// address it goes directly in without asking for a user/pass.

 

Does anyone have any clue what's going on?

 

Here is my .htaccess.

 

AuthName "Admin Section"
AuthType Basic
AuthUserFile /Library/WebServer/WebSites/USER/passwords/.htpasswd
Require valid-user

 

 

Thanks

Link to comment
Share on other sites

Once you have been authenticated in your browser to the admin section, you won't be re-authnticated each time you visit the admin even under https. If you close all of your browser windows and restart you browser, then try the https link, you'll probably be "authenticated" again.

 

HTH

Tom

Link to comment
Share on other sites

Hi, thanks for your suggestion. I wish that was all that was wrong. I tried as you suggested, several times, but it will still let me in. Could there be any other reason?

 

 

First off, if you tried to log in on non secure and then you do not close your browser before logging in to the secure server it will just let you in without having to relog in .... but if you close the browser and start with a new one, it should ask you to log in if you go first directly to the secure admin address. Try this if you have not yet.... otherwise as you say, you might be having other issues.

Link to comment
Share on other sites

  Try this if you have not yet.... otherwise as you say, you might be having other issues.

 

Definitely having other issues. Just to clarify, my http:// address is not identical to my https://address. Could this be causing a problem? I do not have my own certificate, rather, but am using my ISP's SSL.

 

Thanx.

Link to comment
Share on other sites

Definitely having other issues. Just to clarify, my http:// address is not identical to my https://address. Could this be causing a problem? I do not have my own certificate, rather, but am using my ISP's SSL.

 

Thanx.

No, it doesn't matter if you are on a shared server.

 

Can you tell me what happens when you try this?

1. Close all your browsers.

2. Open your browser.

3. Use https:// address to access your admin section (straight away)

Link to comment
Share on other sites

Hi Julie,

 

I thought you might like to know you are not alone in this issue. My problem is a little different: I have same set-up with shared certificate, and everything but admin section works just fine. My non-secure admin works just fine, and is protected. But when I try to log into admin through secure connection (with different URL as well), my browser says the page does not exist. I have not spent much time trying to fix this, so I don't have any answers yet. If I find the solution, I will be sure to pass it on to you.

 

Good luck,

 

NaturalSamba

Link to comment
Share on other sites

If the above, as Tom already suggested earlier, does not work. Then you have a serious server misconfiguration.

 

You might want to talk to your host for the solution.

Link to comment
Share on other sites

Julie,

 

OK, my secure admin is working. The above solutions were close. I shut down my browser (IE 5.2) and still had nothing. I tried a new browser (safari) that I had never accessed admin section with, and wallah, it was working fine and protected.

If you don't have another browser to try, perhaps emptying your browsers cache, shutting it down, and then trying again will help? I'm certainly no expert and I usually learn through trial and error with an emphasis on error, but that would be my best guess.

 

Again, good luck!

 

NS

Link to comment
Share on other sites

If the above, as Tom already suggested earlier, does not work.  Then you have a serious server misconfiguration.

 

You might want to talk to your host for the solution.

 

Okay, I will talk to my ISP about this. I closed all my browsers, opened them again and still got direct access to my admin page through my https:// address without any password protection.

 

 

thanks for the advice. i will post any solution i find to help any others who have this same problem.

Link to comment
Share on other sites

Okay, I will talk to my ISP about this. I closed all my browsers, opened them again and still got direct access to my admin page through my https:// address without any password protection.

thanks for the advice. i will post any solution i find to help any others who have this same problem.

Were you using Internet Explorer?

 

Try adding this to your .htaccess

 

<IfModule mod_setenvif.c>
 <IfDefine SSL>
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
 </IfDefine>
</IfModule>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...