staradmire Posted October 26, 2006 Posted October 26, 2006 I have searched this forum for days now trying to figure out how to completely secure the admin section. I have the ssl installed. I changed the config files to direct to the ssl. Catalog is on the unsecure part of the site, the account information and shopping cart are directed to ssl like it is suppose to be. Now to get to the admin section, if I type in https://domain.com/catalog/admin it is secure. But, I still can get in using the http://www.domain.com/catalog/admin, when I do it is unsecure. How do i completely secure the admin section so even if I enter through the http://www.domain.com/catalog/admin, it shows a secure admin panel, or take that option away? There is something that I am missing here. I am going nuts trying to figure out how to secure it. Do I, or could I, put a redirect on the http://www.domain.com/catalog/admin to go to the https://domain.com/catalog/admin? That way it would always be going to the secure link. I need some help please.
bill110 Posted October 26, 2006 Posted October 26, 2006 I have searched this forum for days now trying to figure out how to completely secure the admin section. I have the ssl installed. I changed the config files to direct to the ssl. Catalog is on the unsecure part of the site, the account information and shopping cart are directed to ssl like it is suppose to be. Now to get to the admin section, if I type in https://domain.com/catalog/admin it is secure. But, I still can get in using the http://www.domain.com/catalog/admin, when I do it is unsecure. How do i completely secure the admin section so even if I enter through the http://www.domain.com/catalog/admin, it shows a secure admin panel, or take that option away? There is something that I am missing here. I am going nuts trying to figure out how to secure it. Do I, or could I, put a redirect on the http://www.domain.com/catalog/admin to go to the https://domain.com/catalog/admin? That way it would always be going to the secure link. I need some help please. This helped fix mine http://www.oscommerce.com/community/contributions,3479/ Also look at your address bar and see if the lock is there. If it is you are secure and probable need this: http://www.oscommerce.com/community/contributions,4390/ My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai
bill110 Posted October 26, 2006 Posted October 26, 2006 I have searched this forum for days now trying to figure out how to completely secure the admin section. I have the ssl installed. I changed the config files to direct to the ssl. Catalog is on the unsecure part of the site, the account information and shopping cart are directed to ssl like it is suppose to be. Now to get to the admin section, if I type in https://domain.com/catalog/admin it is secure. But, I still can get in using the http://www.domain.com/catalog/admin, when I do it is unsecure. How do i completely secure the admin section so even if I enter through the http://www.domain.com/catalog/admin, it shows a secure admin panel, or take that option away? There is something that I am missing here. I am going nuts trying to figure out how to secure it. Do I, or could I, put a redirect on the http://www.domain.com/catalog/admin to go to the https://domain.com/catalog/admin? That way it would always be going to the secure link. I need some help please. This helped fix mine http://www.oscommerce.com/community/contributions,3479/ Also look at your address bar and see if the lock is there. If it is you are secure and probable need this: http://www.oscommerce.com/community/contributions,4390/ My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai
bill110 Posted October 26, 2006 Posted October 26, 2006 I have searched this forum for days now trying to figure out how to completely secure the admin section. I have the ssl installed. I changed the config files to direct to the ssl. Catalog is on the unsecure part of the site, the account information and shopping cart are directed to ssl like it is suppose to be. Now to get to the admin section, if I type in https://domain.com/catalog/admin it is secure. But, I still can get in using the http://www.domain.com/catalog/admin, when I do it is unsecure. How do i completely secure the admin section so even if I enter through the http://www.domain.com/catalog/admin, it shows a secure admin panel, or take that option away? There is something that I am missing here. I am going nuts trying to figure out how to secure it. Do I, or could I, put a redirect on the http://www.domain.com/catalog/admin to go to the https://domain.com/catalog/admin? That way it would always be going to the secure link. I need some help please. This helped fix mine http://www.oscommerce.com/community/contributions,3479/ Also look at your address bar and see if the lock is there. If it is you are secure and probable need this: http://www.oscommerce.com/community/contributions,4390/ My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai
staradmire Posted October 26, 2006 Author Posted October 26, 2006 This helped fix minehttp://www.oscommerce.com/community/contributions,3479/ Also look at your address bar and see if the lock is there. If it is you are secure and probable need this: http://www.oscommerce.com/community/contributions,4390/ I tried these and it did not work. I can still go to http://www.domain.com/catalog/admin and it still shows that its not locked. Is there not away to redirect this or something. It is locked if its https://domain.com/catalog/admin and does show it in the browser. How do I get the http://www.domain.com/catalog/admin to be locked? It does not show in the browser as being locked either.
staradmire Posted October 26, 2006 Author Posted October 26, 2006 I tried these and it did not work. I can still go to http://www.domain.com/catalog/admin and it still shows that its not locked. Is there not away to redirect this or something. It is locked if its https://domain.com/catalog/admin and does show it in the browser. How do I get the http://www.domain.com/catalog/admin to be locked? It does not show in the browser as being locked either. Well seems even though the section that you sign into says its secure, once I click config or tools or any other section under admin its not secure either. I really need some help here .
Guest Posted October 26, 2006 Posted October 26, 2006 Im in the same boat on this i looked at the fix listed above even went to try it and foun that i dont have a catalog file of course that may have something to do with the fact that i installed into my root directory everything works except it going ssl in the admin so i presume its all their
staradmire Posted October 26, 2006 Author Posted October 26, 2006 Im in the same boat on this i looked at the fix listed above even went to try it and foun that i dont have a catalog file of course that may have something to do with the fact that i installed into my root directory everything works except it going ssl in the admin so i presume its all their Well I can help you with that, the catalog folder would be what ever you named your store.. If you installed it store it would be domain.com/store. I just happended to name mine catalog instead of store. The catalog folder that everyone is referring too is the main folder that the oscommerce is installed in.
Guest Posted October 26, 2006 Posted October 26, 2006 Well I can help you with that, the catalog folder would be what ever you named your store.. If you installed it store it would be domain.com/store. I just happended to name mine catalog instead of store. The catalog folder that everyone is referring too is the main folder that the oscommerce is installed in. i thought so thats why i said that i figured it had to do with me installing to the root directry making the stores index page the home page. However mine is working know for the sesitive area. so it looks like the fix worked after i went back and redid it to be sure i didnt miss anything.
staradmire Posted October 26, 2006 Author Posted October 26, 2006 i thought so thats why i said that i figured it had to do with me installing to the root directry making the stores index page the home page. However mine is working know for the sesitive area. so it looks like the fix worked after i went back and redid it to be sure i didnt miss anything. When you redid it and it brought up the blue box it showed that it was locked? Mine does too, but when I go into the admin section to do whatever the thing is unlocked again. I am lost here not sure what I did wrong but it seems the only thing that is secure is the link https://domain.com/catalog/admin anything after that is unlocked, and I can still get in with the http://www.domain.com/catalog/admin and its all unlocked. I am about to lose all my hair lol
staradmire Posted October 26, 2006 Author Posted October 26, 2006 When you redid it and it brought up the blue box it showed that it was locked? Mine does too, but when I go into the admin section to do whatever the thing is unlocked again. I am lost here not sure what I did wrong but it seems the only thing that is secure is the link https://domain.com/catalog/admin anything after that is unlocked, and I can still get in with the http://www.domain.com/catalog/admin and its all unlocked. I am about to lose all my hair lol While reading the knowledge base I see something about .htaccess I have done nothing to this. nor would I know how to, and the only place I can seem to find it is when I go into file manager, How do you edit it this if you are suppose too? The knowledge base is a bit confusing on this issue.
Guest Posted October 26, 2006 Posted October 26, 2006 When you redid it and it brought up the blue box it showed that it was locked? Mine does too, but when I go into the admin section to do whatever the thing is unlocked again. I am lost here not sure what I did wrong but it seems the only thing that is secure is the link https://domain.com/catalog/admin anything after that is unlocked, and I can still get in with the http://www.domain.com/catalog/admin and its all unlocked. I am about to lose all my hair lol actually no mine shows unlocked but when i bring up packing slips edit customer orers or customer info then my adress goes to https:// not every page of the admin is secured with that fix just the sections with sensative material
staradmire Posted October 26, 2006 Author Posted October 26, 2006 actually no mine shows unlocked but when i bring up packing slips edit customer orers or customer info then my adress goes to https:// not every page of the admin is secured with that fix just the sections with sensative material OMG i figured it out. Here is what you need to do. Seeing how your having the same problem as me. Everything is secure now. It redirects automatically. All links in the admin section are now secure. Thank you thank you for this contribution. I had searched there before. I just changed the wording of my search and there it was. My htaccess was hidden in front page. I went into cpanel file manager. went to the admin folder of the store. and there is the htaccess folder click it and edit file in there you need to add this code without changing anything.. RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} http://www.oscommerce.com/community/contri...earch,Admin+SSL
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.