SSL for admin panel


matthew_scullion

Posted

Hi everyone.

I have just enabled SSL on my web site, ready for its "go-live" soon. What a brilliant product OS Commerce is. It worked first time, no hassle.

However, I do not seem to be protecting my "admin" section.

Prior to installing my SSL I accessed the admin panel simply by typing http://www.mydomain.co.uk/admin. If I type this now it still works but the admin panel is not protected by SSL.

If I type https://secure.mydomain.co.uk/admin the admin panel appears and is indeed protected by SSL. However, all the links in the panel point back at the unsecure host name e.g. http://www.mydomain.co.uk/admin/configuration.php. This means that as soon as I select a link in the admin panel, I'm back into unsecure land.

Am I doing something wrong? I have included my includes/configure.php and my admin/includes/configure.php files.

includes/configure.php:

define('HTTP_SERVER', 'http://www.mydomain.co.uk'); // eg, http://localhost
define('HTTPS_SERVER', 'https://secure.mydomain.co.uk'); // eg, https://localhost
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.mydomain.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'secure.mydomain.co.uk');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

admin/includes/configure.php:

define('HTTP_SERVER', 'http://www.mydomain.co.uk'); // eg, http://localhost - should not be empty
define('HTTP_CATALOG_SERVER', 'http://www.mydomain.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://secure.mydomain.co.uk');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Many thanks in advance for any help. Regards, Matthew.

Posted

There are two issues to consider here. First, for the SSL to work in your admin, change the first two lines to use https instead of http.

Once that is done and the SSL is working, that means it is protecting your data in the admin section. It is not protecting the admin section. You should not be able to go to http://www.mydomain.co.uk/admin and get right in. It should be protected by a password. Otherwise, anyone can go in and have complete access to your site. Check your host's control panel for a Password Protection option.

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted

Jack, thanks for getting back to me. Could you expand please. Change the first two lines of what?

Many thanks.

Posted

The first two lines of the file you posted. Change these

define('HTTP_SERVER', 'http://www.mydomain.co.uk'); // eg, http://localhost - should not be empty
define('HTTP_CATALOG_SERVER', 'http://www.mydomain.co.uk');

to these

define('HTTP_SERVER', 'https://www.mydomain.co.uk'); // eg, http://localhost - should not be empty
define('HTTP_CATALOG_SERVER', 'https://www.mydomain.co.uk');

Jack


Archived

This topic is now archived and is closed to further replies.
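
The check below is an added example, not part of the original thread or osCommerce's own code: it reads the two configure.php files as text and flags admin URL constants that are not https:// or whose host differs from the catalog's HTTPS_SERVER. It assumes the certificate is issued for that HTTPS_SERVER host; the function names are hypothetical and the sample input is constructed from the files posted above.

```python
import re
from urllib.parse import urlparse

# Matches define('NAME', 'value'); lines as found in osCommerce configure.php.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]?([^'")]*)['"]?\s*\)""")

# Constructed sample input, copied from the two files posted in the thread.
CATALOG_CFG = """
define('HTTP_SERVER', 'http://www.mydomain.co.uk'); // eg, http://localhost
define('HTTPS_SERVER', 'https://secure.mydomain.co.uk'); // eg, https://localhost
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
"""
ADMIN_CFG = """
define('HTTP_SERVER', 'http://www.mydomain.co.uk'); // eg, http://localhost - should not be empty
define('HTTP_CATALOG_SERVER', 'http://www.mydomain.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://secure.mydomain.co.uk');
"""

def parse_defines(php_text):
    """Return {constant: value} by text matching; the PHP is never executed."""
    return {name: value.strip() for name, value in DEFINE_RE.findall(php_text)}

def audit_admin(catalog_php, admin_php):
    """Report admin settings that are not https:// or that use a different host
    from the catalog's HTTPS_SERVER (assumed to be the host the certificate names)."""
    catalog, admin = parse_defines(catalog_php), parse_defines(admin_php)
    ssl_host = urlparse(catalog.get("HTTPS_SERVER", "")).hostname
    findings = []
    for key in ("HTTP_SERVER", "HTTP_CATALOG_SERVER"):
        url = urlparse(admin.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key}: not an https:// URL ({admin.get(key, 'missing')})")
        elif ssl_host and url.hostname != ssl_host:
            findings.append(f"{key}: host {url.hostname} is not the SSL host {ssl_host}; "
                            "confirm the certificate covers it")
    return findings

if __name__ == "__main__":
    for line in audit_admin(CATALOG_CFG, ADMIN_CFG):
        print(line)
```

Run against the files as posted, it reports both admin constants as plain http; an https:// URL on a host other than the catalog's HTTPS_SERVER host is reported separately so the certificate name can be checked.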
