BryceJr Posted November 4, 2009 Posted November 4, 2009 We recently got the SSL installed on one of our website : www.bongsnbongs.com but we keep on getting the error that the site contains both secure and insecure links after I click on any product which comes in HTTPS url as there are some HTTP links also . I recently checked another good Oscommerce website http://www.mrgadget.com.au/catalog/ and for SSL which comes after Checkout it goes to https://secure.mrgadget.com.au Also NOTE that the error for secure and insecure links do not come even in IE although the links on this website have both HTTP and HTTPS . My Query is : 1) they have the SSL to "secure.mrgadget.com.au" and not to "www.mrgadget.com.au" . Is it better to have the SSL like thi instaed of the complete URL 2) Why this website do not have secure and insecure prompt though if you check the source it has both HTTP and HTTPS links 3) How to enable SSL only on CHECKOUT 4) How is it possible that they have all the product and category links to HTTP even if they are in HTTPS domain Any inputs from you is appreiciated Double post. Follow ->here
latincosmo Posted November 18, 2009 Posted November 18, 2009 "You configured HTTP(80) on the standard HTTPS(443) port!" on /var/log/httpd/error_log and blank page when accessing www.mydomain.com Hello everyone, I was trying to install SSL certificate for a week now, with no success. My Server info: Linux Distro: Fedora 10 2.6.27.12-170.2.5.fc10.i686 HTTP Server: Apache/2.2.11 (Fedora) PHP Version: 5.2.9 (Zend: 2.2.0) OpenSSL support enabled OpenSSL Version OpenSSL 0.9.8g I'm my own hosting and have only one domain in one linux box with 1 interface, 1 public IP address and no virtual domains. Hostname is "web" so certificate was issued to web.mydomain.com httpd.conf and ssl.conf have both a line "ServerName www.mydomain.com" Now, after uncommenting "SSLEngine on" in ssl.conf file, making necesary changes in /includes/configure.php and /admin/includes/configure.php and restarting httpd service: [root@web conf.d]# service httpd restart Stopping httpd: [ OK ] Starting httpd: Apache/2.2.11 mod_ssl/2.2.11 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server www.mydomain.com:443 (RSA) Enter pass phrase: OK: Pass Phrase Dialog successful. [ OK ] Everything looks good so far, but I get: "You configured HTTP(80) on the standard HTTPS(443) port!" on error_log and blank page when accessing www.mydomain.com Any clue on what i am missing?? Thank you all for reading
pingpongrob Posted December 5, 2009 Posted December 5, 2009 Hi All, I have read through every post in this Section, and for the life of me cannot find an answer to my problem. I've been trying to get my SSL connection to work within the admin area, but it seem to fall in a heap. None of the images (icons display) I have checked the configure file in the admin/includes directory. $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2002 osCommerce Released under the GNU General Public License */ // define our webserver variables // FS = Filesystem (physical) // WS = Webserver (virtual) define('HTTP_SERVER', 'http://www.affordablett.com.au'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://www.affordablett.com.au'); define('HTTPS_CATALOG_SERVER', 'https://www.affordablett.com.au/~affordab/'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/affordab/public_html/shop/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/shop/admin/'); define('DIR_FS_ADMIN', '/home/affordab/public_html/shop/admin/'); define('DIR_WS_CATALOG', '/shop/'); define('DIR_FS_CATALOG', '/home/affordab/public_html/shop/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // secure webserver for admin define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing // define our database connection define('DB_SERVER', ''); define('DB_SERVER_USERNAME', 'xxxxxxxxx'); define('DB_SERVER_PASSWORD', 'xxxxxxxxx'); define('DB_DATABASE', 'xxxxxxxxxxxx'); define('USE_PCONNECT', 'true'); define('STORE_SESSIONS', ''); I have obviosly changed the line define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing to true and even tried 1, but no icons will display. can someone point me in the right direction. I have got the SSL to work correctly in the shop site. Except for the images being unsecured - not sure if they matter anyway. your help would be apprecated. Thanks in advance.
germ Posted December 5, 2009 Posted December 5, 2009 Hi All, I have read through every post in this Section, and for the life of me cannot find an answer to my problem. I've been trying to get my SSL connection to work within the admin area, but it seem to fall in a heap. None of the images (icons display) I have checked the configure file in the admin/includes directory. $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2002 osCommerce Released under the GNU General Public License */ // define our webserver variables // FS = Filesystem (physical) // WS = Webserver (virtual) define('HTTP_SERVER', 'http://www.affordablett.com.au'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://www.affordablett.com.au'); define('HTTPS_CATALOG_SERVER', 'https://www.affordablett.com.au/~affordab/'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/affordab/public_html/shop/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/shop/admin/'); define('DIR_FS_ADMIN', '/home/affordab/public_html/shop/admin/'); define('DIR_WS_CATALOG', '/shop/'); define('DIR_FS_CATALOG', '/home/affordab/public_html/shop/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // secure webserver for admin define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing // define our database connection define('DB_SERVER', ''); define('DB_SERVER_USERNAME', 'xxxxxxxxx'); define('DB_SERVER_PASSWORD', 'xxxxxxxxx'); define('DB_DATABASE', 'xxxxxxxxxxxx'); define('USE_PCONNECT', 'true'); define('STORE_SESSIONS', ''); I have obviosly changed the line define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing to true and even tried 1, but no icons will display. can someone point me in the right direction. I have got the SSL to work correctly in the shop site. Except for the images being unsecured - not sure if they matter anyway. your help would be apprecated. Thanks in advance. Looks to me like the store isn't getting the cue from the server that SSL is on. SSL Help SSL Help support thread If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
pingpongrob Posted December 5, 2009 Posted December 5, 2009 Looks to me like the store isn't getting the cue from the server that SSL is on. SSL Help SSL Help support thread Thanks for having a look. How would I go about fixing this, and how come the Shop site works properly. I have run your PHP Files and this is what I get. myenv.php Version 1.2 SSL Variables HTTP HOST: [www.affordablett.com.au] Server Port: [443] SSL Status: [on] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [on] Load: 2 myenv.php Version 1.2 NONSSL Variables HTTP HOST: [www.affordablett.com.au] Server Port: [80] SSL Status: [undefined!] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [undefined!] Load: 1 cfgchk.php Version 1.2 local config file found! Processing it first... File Permissions: 0644 Processing normal config file... File Permissions: 0444 Found HTTPS_SERVER: define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // eg, https://localhost - should not be empty for productive servers HTTPS URL passed check! Found ENABLE_SSL. define('ENABLE_SSL', true); // secure webserver for checkout procedure? SSL enable passed check! Found HTTPS_COOKIE_DOMAIN: define('HTTPS_COOKIE_DOMAIN', 'https://www.affordablett.com.au/~affordab'); HTTPS_COOKIE_DOMAIN line parsed! Parsing application_top.php for SSL detection key... Found SSL detection key: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Done!
germ Posted December 6, 2009 Posted December 6, 2009 The Shop ISN'T working properly. Examining the HTML source on a HTTPS page reveals: <base href="http://www.affordablett.com.au/shop/"> This code: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Needs to be this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Or this: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; Or this: // set the type of request (secure or not) $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'; And this: define('HTTPS_COOKIE_DOMAIN', 'https://www.affordablett.com.au/~affordab'); should be: define('HTTPS_COOKIE_DOMAIN', 'www.affordablett.com.au'); or define('HTTPS_COOKIE_DOMAIN', '.affordablett.com.au'); Thanks for having a look. How would I go about fixing this, and how come the Shop site works properly. I have run your PHP Files and this is what I get. myenv.php Version 1.2 SSL Variables HTTP HOST: [www.affordablett.com.au] Server Port: [443] SSL Status: [on] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [on] Load: 2 myenv.php Version 1.2 NONSSL Variables HTTP HOST: [www.affordablett.com.au] Server Port: [80] SSL Status: [undefined!] Fowarded Server: [undefined!] Fowarded Host: [undefined!] Fowarded By: [undefined!] $_SERVER['HTTPS']: [undefined!] Load: 1 cfgchk.php Version 1.2 local config file found! Processing it first... File Permissions: 0644 Processing normal config file... File Permissions: 0444 Found HTTPS_SERVER: define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // eg, https://localhost - should not be empty for productive servers HTTPS URL passed check! Found ENABLE_SSL. define('ENABLE_SSL', true); // secure webserver for checkout procedure? SSL enable passed check! Found HTTPS_COOKIE_DOMAIN: define('HTTPS_COOKIE_DOMAIN', 'https://www.affordablett.com.au/~affordab'); HTTPS_COOKIE_DOMAIN line parsed! Parsing application_top.php for SSL detection key... Found SSL detection key: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Done! If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
pingpongrob Posted December 6, 2009 Posted December 6, 2009 Thank you once again for looking at the code. When I implememnt your suggestions, especially this one thats found in application_top.php Needs to be this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Or this: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; Or this: // set the type of request (secure or not) $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'; The Login page displays with no image's login with no images When I change it back to this // set the type of request (secure or not) $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; // set php_self in the local scope if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; The image's display correctly. I am stumped.
germ Posted December 6, 2009 Posted December 6, 2009 Thank you once again for looking at the code. When I implememnt your suggestions, especially this one thats found in application_top.php Needs to be this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Or this: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; Or this: // set the type of request (secure or not) $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL'; The Login page displays with no image's login with no images When I change it back to this // set the type of request (secure or not) $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; // set php_self in the local scope if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; The image's display correctly. I am stumped. Whatever you have now is working. The store now recognizes that SSL is on. In the SSL support thread I linked you to, look towards the end at the exchange between Eternal Howl and myself. She had the exact same problem. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
pingpongrob Posted December 6, 2009 Posted December 6, 2009 Whatever you have now is working. The store now recognizes that SSL is on. In the SSL support thread I linked you to, look towards the end at the exchange between Eternal Howl and myself. She had the exact same problem. When you go to the login page, it is displayed without image's Login Page
germ Posted December 6, 2009 Posted December 6, 2009 When you go to the login page, it is displayed without image's Login Page Did you do what I asked you to do? :unsure: The store code is working as it should. Something on the server is messing you up. Could be a .htaccess file in the /images folder or maybe something to do with "hotlink protection" in your cPanel. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
pingpongrob Posted December 6, 2009 Posted December 6, 2009 Did you do what I asked you to do? :unsure: The store code is working as it should. Something on the server is messing you up. Could be a .htaccess file in the /images folder or maybe something to do with "hotlink protection" in your cPanel. I tried to find the replies as you suggested, but my eye's dont seem to be working correctly today. I did turn off Hotlink Protection, and the image's seem to be displayed Correctly. Hopefully this has fixed the problems. Thankyou very very much for you time and help in this matter. :)
pingpongrob Posted December 6, 2009 Posted December 6, 2009 Who would have thought that Hotlink Protection enabeled in cPanel, whould cause so many problems. Hopefully this helps a few more members as well. Now for the Million dollar question. Is there any way to make SSL's and Hotlink protection work together?
germ Posted December 6, 2009 Posted December 6, 2009 Who would have thought that Hotlink Protection enabeled in cPanel, whould cause so many problems. Hopefully this helps a few more members as well. Now for the Million dollar question. Is there any way to make SSL's and Hotlink protection work together? I've never been on a server where this was part of the cPanel. Is there a place where you can enter your SSL URL so it will be OK to access the images? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
pingpongrob Posted December 6, 2009 Posted December 6, 2009 I've never been on a server where this was part of the cPanel. Is there a place where you can enter your SSL URL so it will be OK to access the images? :unsure: The Linux cPanel Server has a Hotlink Tab. I added the https://mysite.com to the allowed referers and now all is OK. Thanks once again for all your help.
germ Posted December 6, 2009 Posted December 6, 2009 Who would have thought that Hotlink Protection enabeled in cPanel, whould cause so many problems. Hopefully this helps a few more members as well. Now for the Million dollar question. Is there any way to make SSL's and Hotlink protection work together? If you don't mind I'd like the $1,000,000.00 in twenties.... ;) :lol: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
DANYEYI Posted December 8, 2009 Posted December 8, 2009 hi there, i have a problem with my application top file, my ssl would load up the encrypted pages but would not direct any of the images to https address giving me unsecure item errors in browsers. i corrected this by changeing the line in the application_top.php from this: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to this: // set the type of request (secure or not) $request_type = ($_SERVER['HTTP_HOST'] == 'mysite.co.uk') ? 'SSL' : 'NONSSL'; and my includes/configure.php file looks like this: define('HTTP_SERVER', 'http://www.mysite.co.uk'); define('HTTPS_SERVER', 'https://mysite.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'mysite.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk'); can you tell me if this is a good workaround for the problem? or is there another solution? thanks in advanced dan
ulefos Posted March 31, 2011 Posted March 31, 2011 Here goes I got the ssl sort of working, but i coundnt get the images to show, so i changed my configure files again,again and again and now cant get the ssl working at all unless i manually put in https://www.ragstobags.co.uk and even then the wrong images appear or not being the case. heres my code inlcludes/configure = i havent added the bottom bit define('HTTP_SERVER', 'http://www.ragstobags.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.ragstobags.co.uk'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.ragstobags.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'www.ragstobags.co.uk'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); admin/includes/configure define('HTTP_SERVER', 'http://www.ragstobags.co.uk'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://www.ragstobags.co.uk'); define('HTTPS_CATALOG_SERVER', 'https://www.ragstobags.co.uk'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/xxxxxxxx/public_html'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/xxxxxx/'); define('DIR_FS_ADMIN', '/home/xxxxxxxx/public_html/'); define('DIR_WS_CATALOG', '/'); define('DIR_FS_CATALOG', '/home/xxxxxxxx/public_html/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', 'backups/'); hopefully someone will look at this and point me in the write direction Regards Teresa :(
ulefos Posted April 1, 2011 Posted April 1, 2011 i have now changed a few things in 2 conf files includes/config define('HTTP_SERVER', 'http://www.ragstobags.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.ragstobags.co.uk'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.ragstobags.co.uk'); define('HTTPS_COOKIE_DOMAIN', '.ragstobags.co.uk'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); admin/includes/config define('HTTP_SERVER', 'https://www.ragstobags.co.uk'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'https://www.ragstobags.co.uk'); define('HTTPS_CATALOG_SERVER', 'https://www.ragstobags.co.uk'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/xxxxxxx/public_html'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/xxxxxxx/'); define('DIR_FS_ADMIN', '/home/xxxxxx/public_html/'); define('DIR_WS_CATALOG', '/'); define('DIR_FS_CATALOG', '/home/xxxxxx/public_html/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', 'backups/'); how i had it before i couldnt get https to work (i still cant) but i changed the details in the admin section and now have images in admin and its https secure all i need help with now is getting https working on website please help teresa
germ Posted April 1, 2011 Posted April 1, 2011 If you add an item to the cart then "checkout" it goes HTTPS. My guess is the links on the home page that are supposed to be "secure" aren't coded correctly to use SSL if avaialble. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
ulefos Posted April 1, 2011 Posted April 1, 2011 i am so confused i been at this for hours, when i put in www.ragstobags.co.uk i get my page when i add product to cart i have a broken link, the other thing when i use hot linking in cpanel at the moment its disabled the above happens. Ive tried changing every option now its broke, please can you help teresa
ulefos Posted April 1, 2011 Posted April 1, 2011 here we go agian i have added the htaccess file back, so now the product link is working, i see what you mean that you can add the a product and in checkout it goes to https but the images arent loading properly. When you say links on the home page that are supposed to be "secure" aren't coded correctly to use SSL if avaialble, does this mean my hosting company hasnt set it up right, i have bought a dedicated ssl and they told me it was working could the problem be with the htaccess here is the file # Begin Ultimate SEO V2.2d Options +FollowSymLinks RewriteEngine On # RewriteBase instructions # Change RewriteBase dependent on how your shop is accessed as below. # http://www.mysite.com = RewriteBase / # http://www.mysite.com/catalog/ = RewriteBase /catalog/ # http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/ # Change the following line using the instructions above RewriteBase / RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-pi-(.*).html$ popup_image.php?pID=$2&%{QUERY_STRING} RewriteRule ^(.*)-by-(.*).html$ all-products.php?fl=$2&%{QUERY_STRING} RewriteRule ^(.*)-t-(.*).html$ articles.php?tPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-a-(.*).html$ article_info.php?articles_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-au-(.*).html$ articles.php?authors_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-pr-(.*).html$ product_reviews.php?products_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-pri-(.*).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-f-(.*).html$ faqdesk_info.php?faqdesk_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-fc-(.*).html$ faqdesk_index.php?faqPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-fri-(.*).html$ faqdesk_reviews_info.php?faqdesk_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-fra-(.*).html$ faqdesk_reviews_article.php?faqdesk_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-i-(.*).html$ information.php?info_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-links-(.*).html$ links.php?lPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-pm-([0-9]+).html$ info_pages.php?pages_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-n-(.*).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-nc-(.*).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING} RewriteRule ^(.*)-nri-(.*).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-nra-(.*).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING} RewriteRule ^(.*)-po-([0-9]+).html$ pollbooth.php?pollid=$2&%{QUERY_STRING} # End Ultimate SEO V2.2d # Deny domain access to spammers and other scumbags RewriteEngine on php_flag register_globals off SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots Deny from env=block_bad_bots # Redirect index.php to domain.com RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/ RewriteRule ^index\.php$ http://www.ragstobags.co.uk/ [R=301,L] # Redirect domain.com to www.domain.com RewriteCond %{HTTP_HOST} ^ragstobags.co.uk [NC] RewriteRule ^(.*)$ http://www.ragstobags.co.uk/$1 [L,R=301] RewriteBase / # filter for most common exploits RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR] RewriteCond %{QUERY_STRING} tool25 [OR] RewriteCond %{QUERY_STRING} cmd.txt [OR] RewriteCond %{QUERY_STRING} cmd.gif [OR] RewriteCond %{QUERY_STRING} r57shell [OR] RewriteCond %{QUERY_STRING} c99 [OR] # ban spam bots RewriteCond %{HTTP_USER_AGENT} almaden [OR] RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR] RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR] RewriteCond %{HTTP_USER_AGENT} ^attach [OR] RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR] RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR] RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR] RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR] RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR] RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR] RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^CICC [OR] RewriteCond %{HTTP_USER_AGENT} ^Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Copier [OR] RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DA [OR] RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR] RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^Drip [OR] RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} email [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR] RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^gotit [OR] RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR] RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR] RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR] RewriteCond %{HTTP_USER_AGENT} ^Iria [OR] RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^JustView [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR] RewriteCond %{HTTP_USER_AGENT} ^lftp [OR] RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR] RewriteCond %{HTTP_USER_AGENT} ^likse [OR] RewriteCond %{HTTP_USER_AGENT} ^Link [OR] RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR] RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR] RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^Memo [OR] RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR] RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR] RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR] RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR] RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR] RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^Ping [OR] RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR] RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR] RewriteCond %{HTTP_USER_AGENT} ^psbot [OR] RewriteCond %{HTTP_USER_AGENT} ^Pump [OR] RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR] RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR] RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR] RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR] RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^Snake [OR] RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR] RewriteCond %{HTTP_USER_AGENT} ^sproose [OR] RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR] RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR] RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR] RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^Webster [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus RewriteRule ^.* - [F,L] RewriteCond %{HTTP_REFERER} ^http://www.ragstobags.co.uk$ RewriteRule !^http://[^/.]\.ragstobags.co.uk.* - [F,L] # stop hotlinking (gif/jpg) and serve alternate content I have included an image for you to upload, please note if you use your images out side of your server (like linked into EBAY) you cannot use this. <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?ragstobags\.co.uk/.*$ [NC] RewriteRule .*\.(gif|jpg)$ http://www.ragstobags.co.uk/images/stolen.gif [R,NC,L] </ifModule> BAN IP NUMBERS, ALL OF TURKEY <Limit GET PUT POST> order allow,deny # ban domains deny from .br.geocities.com # ban entire country ~ Turkey deny from 62.29.0.0/17 deny from 62.56.128.0/22 deny from 62.85.128.0/19 deny from 62.108.64.0/19 deny from 62.113.0.0/19 deny from 62.184.58.0/27 deny from 62.185.166.64/26 deny from 62.184.178.96/29 deny from 62.186.77.0/26 deny from 62.201.192.0/18 deny from 62.229.128.0/24 deny from 62.229.130.0/24 deny from 62.244.192.0/18 deny from 62.248.0.0/17 deny from 64.18.138.0/24 deny from 64.28.128.0/20 deny from 65.182.7.0/24 deny from 66.178.5.0/24 deny from 66.178.52.0/24 deny from 66.205.36.0/22 deny from 69.30.204.0/23 deny from 80.71.128.0/20 deny from 80.88.138.224/27 deny from 80.88.141.160/27 deny from 80.251.0.0/20 deny from 80.251.32.0/20 deny from 81.6.64.0/18 deny from 81.8.0.0/17 deny from 81.21.160.0/20 deny from 81.22.97.0/24 deny from 81.31.193.224/29 deny from 81.31.195.112/29 deny from 81.31.195.136/29 deny from 81.31.195.216/30 deny from 81.31.196.172/30 deny from 81.31.197.16/29 deny from 81.31.197.64/30 deny from 81.31.197.128/30 deny from 81.31.198.152/29 deny from 81.31.198.216/29 deny from 81.31.199.72/29 deny from 81.31.199.140/30 deny from 81.31.199.160/29 deny from 81.31.200.64/29 deny from 81.31.200.76/30 deny from 81.212.0.0/14 deny from 82.145.224.0/19 deny from 82.151.128.0/19 deny from 82.222.0.0/16 deny from 83.66.0.0/16 deny from 83.166.48.0/28 deny from 84.11.37.192/26 deny from 84.17.64.0/19 deny from 84.44.0.0/17 deny from 84.51.0.0/18 deny from 85.96.0.0/12 deny from 85.153.0.0/16 deny from 85.158.96.0/21 deny from 85.159.64.0/21 deny from 85.235.64.0/24 deny from 86.108.128.0/17 Deny from 88.240.0.0/16 deny from 139.179.0.0/16 deny from 144.122.0.0/16 deny from 155.223.0.0/16 deny from 160.75.0.0/16 deny from 161.9.0.0/16 deny from 168.139.0.0/16 deny from 192.70.133.0/23 deny from 192.129.87.0/24 deny from 192.160.21.0/24 deny from 193.23.156.0/24 deny from 193.25.124.0/23 deny from 193.41.2.0/23 deny from 193.42.216.0/24 deny from 193.95.0.0/17 deny from 193.108.213.0/24 deny from 193.109.134.0/23 deny from 193.110.170.0/23 deny from 193.110.208.0/21 deny from 193.140.0.0/16 deny from 193.178.218.0/24 deny from 193.188.198.0/23 deny from 193.192.96.0/19 deny from 193.201.149.192/26 deny from 193.201.157.0/25 deny from 193.218.113.0/24 deny from 193.218.200.0/24 deny from 193.219.208.0/30 deny from 193.220.68.0/24 deny from 193.243.192.0/19 deny from 193.254.228.0/23 deny from 193.254.252.0/23 deny from 193.255.0.0/16 deny from 194.9.174.0/24 deny from 194.24.224.0/23 deny from 194.27.0.0/16 deny from 194.29.208.0/21 deny from 194.54.32.0/19 deny from 194.67.205.0/23 deny from 194.69.206.0/24 deny from 194.117.97.172/30 deny from 194.117.110.80/28 deny from 194.117.113.72/30 deny from 194.117.114.4/30 deny from 194.117.118.40/30 deny from 194.117.119.4/32 deny from 194.117.119.18/32 deny from 194.117.119.20/32 deny from 194.117.119.22/32 deny from 194.117.119.24/32 deny from 194.117.119.27/32 deny from 194.117.119.34/32 deny from 194.117.119.53/32 deny from 194.117.119.55/32 deny from 194.117.119.58/32 deny from 194.117.119.61/32 deny from 194.117.119.73/32 deny from 194.117.119.76/32 deny from 194.117.119.80/32 deny from 194.117.119.86/32 deny from 194.117.119.93/31 deny from 194.117.119.96/32 deny from 194.117.119.99/31 deny from 194.117.119.108/32 deny from 194.117.120.15/32 deny from 194.117.120.114/32 deny from 194.117.120.233/32 deny from 194.117.121.30/32 deny from 194.117.121.70/32 deny from 194.117.121.96/32 deny from 194.117.121.101/32 deny from 194.117.121.168/32 deny from 194.117.121.192/31 deny from 194.117.121.217/32 deny from 194.125.232.0/22 deny from 194.126.230.0/24 deny from 194.133.65.0/24 deny from 194.133.160.0/20 deny from 194.133.240.0/23 deny from 194.133.251.0/24 deny from 194.133.253.0/28 deny from 194.133.255.0/24 deny from 194.242.32.0/24 deny from 195.8.109.0/24 deny from 195.33.192.0/18 deny from 195.39.224.0/23 deny from 195.46.128.0/19 deny from 195.49.216.0/21 deny from 195.64.128.0/18 deny from 195.74.32.0/19 deny from 195.75.202.0/26 deny from 195.75.202.128/25 deny from 195.75.222.0/28 deny from 195.75.222.24/29 deny from 195.75.222.160/27 deny from 195.75.236.0/28 deny from 195.75.236.96/29 deny from 195.75.236.112/28 deny from 195.75.238.0/25 deny from 195.79.199.192/29 deny from 195.79.204.192/27 deny from 195.85.242.0/24 deny from 195.85.255.0/24 deny from 195.87.0.0/16 deny from 195.112.128.0/19 deny from 195.112.160.16/30 deny from 195.112.166.12/30 deny from 195.112.166.52/30 deny from 195.112.166.60/30 deny from 195.112.166.68/29 deny from 195.112.166.80/30 deny from 195.128.32.0/21 deny from 195.128.254.0/23 deny from 195.137.222.0/23 deny from 195.140.196.0/22 deny from 195.142.0.0/16 deny from 195.149.85.0/24 deny from 195.149.116.0/24 deny from 195.155.0.0/16 deny from 195.174.0.0/15 deny from 195.177.206.0/23 deny from 195.177.230.0/23 deny from 195.183.236.192/26 deny from 195.212.230.0/24 deny from 195.212.244.8/29 deny from 195.213.69.144/28 deny from 195.214.128.0/18 deny from 195.234.165.0/24 deny from 195.242.122.0/23 deny from 195.244.32.0/19 deny from 195.245.227.0/24 deny from 195.254.128.0/19 deny from 196.3.132.0/20 deny from 196.29.64.0/19 deny from 196.32.32.0/19 deny from 196.203.0.0/16 deny from 199.89.210.0/24 deny from 200.3.176.0/21 deny from 200.9.216.0/24 deny from 200.108.0.0/19 deny from 201.238.64.0/18 deny from 209.94.192.0/19 deny from 212.2.192.0/19 deny from 212.12.128.0/19 deny from 212.15.0.0/19 deny from 212.21.197.240/29 deny from 212.29.64.0/18 deny from 212.31.0.0/19 deny from 212.33.0.0/19 deny from 212.45.64.0/19 deny from 212.48.224.0/19 deny from 212.50.32.0/19 deny from 212.57.0.0/19 deny from 212.58.0.0/19 deny from 212.63.170.168/30 deny from 212.63.172.212/30 deny from 212.63.172.224/30 deny from 212.63.180.0/30 deny from 212.63.180.8/30 deny from 212.63.180.16/30 deny from 212.63.180.28/30 deny from 212.63.180.40/29 deny from 212.63.180.56/30 deny from 212.63.180.68/30 deny from 212.63.180.84/30 deny from 212.63.180.92/30 deny from 212.63.180.108/29 deny from 212.63.180.120/29 deny from 212.63.180.200/30 deny from 212.64.192.0/19 deny from 212.65.128.0/19 deny from 212.79.96.0/22 deny from 212.79.122.0/23 deny from 212.98.0.0/19 deny from 212.98.192.0/18 deny from 212.101.96.0/19 deny from 212.108.128.0/19 deny from 212.109.96.0/19 deny from 212.109.224.0/19 deny from 212.115.0.0/19 deny from 212.125.0.0/19 deny from 212.127.96.0/19 deny from 212.133.128.0/17 deny from 212.146.128.0/17 deny from 212.154.0.0/17 deny from 212.156.0.0/16 deny from 212.174.0.0/15 deny from 212.252.0.0/15 deny from 213.14.0.0/16 deny from 213.31.190.48/28 deny from 213.31.223.144/28 deny from 213.43.0.0/16 deny from 213.62.14.64/26 deny from 213.62.40.192/26 deny from 213.74.0.0/16 deny from 213.138.0.0/19 deny from 213.139.192.0/18 deny from 213.143.224.0/19 deny from 213.144.96.0/19 deny from 213.148.64.0/19 deny from 213.150.160.0/19 deny from 213.153.128.0/17 deny from 213.155.96.0/19 deny from 213.159.32.0/19 deny from 213.161.128.0/19 deny from 213.181.38.192/26 deny from 213.186.128.0/19 deny from 213.194.64.0/18 deny from 213.202.0.0/19 deny from 213.204.64.0/18 deny from 213.208.3.192/29 deny from 213.208.39.0/24 deny from 213.209.169.144/29 deny from 213.232.0.0/18 deny from 213.236.32.0/19 deny from 213.238.128.0/18 deny from 213.243.0.0/18 deny from 213.248.128.0/18 deny from 213.254.128.0/19 deny from 216.139.188.192/27 deny from 217.17.144.0/20 deny from 217.21.68.0/22 deny from 217.23.110.96/27 deny from 217.31.224.0/19 deny from 217.64.144.0/20 deny from 217.64.208.0/20 deny from 217.68.208.0/20 deny from 217.77.241.113/32 deny from 217.77.241.218/32 deny from 217.77.242.169/32 deny from 217.77.246.192/30 deny from 217.131.0.0/16 deny from 217.138.38.248/29 deny from 217.169.192.0/20 deny from 217.173.157.128/28 deny from 217.173.157.192/27 deny from 217.173.158.64/27 deny from 217.174.32.0/20 deny from 217.174.224.0/20 deny from 217.194.135.160/28 deny from 217.195.192.0/20 # Ban a few extra ips deny from 81.169.137.114 deny from 74.53.46.98 deny from 75.126.134.16 deny from 203.194.159.159 deny from 203.196.161.116 deny from 201.72.166.36 deny from 212.65.64.19 deny from 212.12.114.142 deny from 212.241.213.57 deny from 219.95.39.53 deny from 209.200.253.165 deny from 201.72.166.36 deny from 213.203.223.25 deny from 66.249.67.86 deny from 200.140.15.3 deny from 83.11.204.75 deny from 83.11.202.74 deny from 83.11.241.28 deny from 83.240.152.23 deny from 83.217.84.73 deny from 83.145.82.134 deny from 85.108.245.115 deny from 61.222.92.150 deny from 24.83.72.98 deny from 59.94.170.4 allow from all </Limit> # deny most common except .php <FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$"> deny from all </FilesMatch> # Disable .htaccess viewing from browser <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> # Disable access to config.php <Files ~ "includes\configure.php$"> deny from all </Files> FORCE TYPE <Files site> ForceType application/x-httpd-php </Files> Thank you for your repsonse, i do appricate it Teresa
ulefos Posted April 1, 2011 Posted April 1, 2011 this is what i found in my index page <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> would this need changing, Teresa
AndrewRavenwood Posted October 26, 2012 Posted October 26, 2012 Reviving this old thread because I would like to enable force cookies but can't because the customer is redirected to the cookie_usage.php page. I realise that this has been covered quite extensively in this thread, however the solutions given do not solve the issue (At least for me!). Earlier in the thread in a post added a few years ago, @@AlanR created a file called myenv.php to enable us to be able to see our server environment in order to affect changes to application_top.php here:- http://www.oscommerce.com/forums/topic/151162-the-ssl-in-oscommerce-guide-for-the-innocent/page__st__60#entry713688 - its going back a bit. In my case the relevant server response was 'on' therefore theoretically I would not need to change application_top.php. I did attempt the other suggested options but was unable to get a better result. The shop has a unique SSL certifcate, not a shared one (Which I believe would usually trigger the cookie_usage response). This is the relevant part of my config file:- define('HTTP_SERVER', 'http://www.mysite.com'); define('HTTPS_SERVER', 'https://www.mysite.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'http://www.mysite.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.mysite.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); The shop is currently working perfectly but the reason that I would like to shift from having the session ID in the url to forcing cookie usage is because Google is listing the same content multiple times and as such may down-rate the site. So it's not mission critical as such but is very much a nice to have.
germ Posted October 26, 2012 Posted October 26, 2012 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com'); define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com'); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.