Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

ssl redirect from http to https


samstone

Recommended Posts

Ok ,here's what I have seen ,don't know if this is a security issue,but.

all ssl works (except for admin page not showing padlock)???

IE and mozzlia show padlocks on the right pages.

if a person goes to the pages and plays with the url taking out the s in https

my certicate comes up with domain mismatch.

I would like to code in a redirect to warning page with link back or just back to the https secure page.

PS I use a signed certificate from godaddy not shared my securte page starts

biz.com/catalog/ unsecure is www.biz.com/catalog

 

Thanks for all the usefull stuff here this place is Great

Link to comment
Share on other sites

But will the site still be secure,cetificate is signed for biz.com not www.biz.com

would having all files going through ssl ,make it slow ,what about search engines?

 

 

Regards

L.Nichol

 

thanks for fast reply

went to known secure site and tried it there I get a redirect reload back to the https pages?

Link to comment
Share on other sites

You've misunderstood the bit about the address of the certificate and the address of your site.

 

Depending on your type of server the certificate is issued either to www.yourdomain.com or just to yourdomain.com. This does not mean that people who go to any 'yourdomain.com' address will be on an ssl page. Only people who go to addresses which begin with https://yourdomain.com will go to SSL pages.

 

If you set your http address to http://yourdomain.com and your https address to https://yourdomain.com then osCommerce will automatically decide which pages are covered by ssl and which are not. Only a small number of pages will be https.

 

Search engines do not give rankings to https pages, which is a good thing because they are pages you don't want listed in search engines.

 

Vger

Link to comment
Share on other sites

I found this,was looking for more of a walk through on

one page that defines all https pages this needs put in all https urls

so far it works

also

found I may be able to do this in httpd apache

config. will look it up some more your suggestion works as far as the certificate prompt but a user can still mess with the address and not be secure (2nd party cafe shop may have a way to pirate info if customer is not paying attention)

 

<?php

/**

This page can be included in any PHP page, that you need

to use only "https" and NOT "http".

*/

 

function move_them($url="") {

if (empty($url)) {

print "Null-string passed to <b>move_them()</b>";

}

else {

// printing a meta redirect tag will move them

$string = "<meta http-equiv=\"Refresh\" ";

$string .= "content=\"0;URL=$url\">";

print $string;

}

}

 

function ask_them($url="") {

if (empty($url)) {

print "Null-string passed to <b>ask_them()</b>";

}

else {

print "Please use our secure sight: ";

print "<a href=\"$url\">$url</a>";

exit; // very important

}

}

 

// main()

 

$docu = $PHP_SELF;

$name = $SERVER_NAME;

$sslp = $SSL_PROTOCOL;

 

if (empty($sslp)) {

$url = "https://$name$docu";

move_them($url);

// ask_them($url);

/* uncomment the above accordinly */

 

}

?>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...