Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

unsecure admin link


stasmmr

Recommended Posts

i have ssl installed on dedicated ip and all is fine but i need to deactivate unsecure admin link. http:wwwxxxxx.ccc/admin.

 

my admin config file is as below

 

define('HTTP_SERVER', 'http://www.xxxxxx.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'https://www.xxxxxx.com');

define('HTTPS_CATALOG_SERVER', 'https://www.xxxxxx.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/stasm/public_html/store/admin/'); // where the pages are located on the server

define('DIR_WS_ADMIN', 'https://www.xxxxxxx.com/store/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/xxxxx/xxxxx/public_html/store/admin/'); // absolute path required

define('DIR_WS_CATALOG', '/store/'); // absolute path required

define('DIR_FS_CATALOG', '/xxxx/xxxxx/public_html/store/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

Any help would be appreciated

Link to comment
Share on other sites

Please explain what "deactivate unsecure admin link" means.

 

Jack

I think he means that admin should be inaccessible to the public at large.

To do that on an Apache server for example, you'd have a .htaccess file in your admin directory that includes something similar to the following:

 

AuthType Basic
AuthName "Access for /myshop/admin"
AuthUserFile /pathToMyhtpasswdFile/htpasswd
require user adminperson

Link to comment
Share on other sites

A 404 is for a not found condition. If you want that to happen, renmae the admin directory to something else so it doesn't exist.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

sorry if i seem clueless but would'nt there still be an http directory to whatever i changed the name to? this may seem impossible i don't know. but when i make changes in https admin they are also changed in http admin so when i start to recieve payments one side of my admin is unlocked.

Is that right?

 

Thanks

Link to comment
Share on other sites

In your admin/configure file, change each http to https and set enable ssl to true. When you go to http://yoursite.com/admin, it will ask you for a username and password. After you put that in, the url will switch to https so everything is secure. It doesn't matter that you can go to http://yourdomain.com/admin since there is nothing there for anyone to take.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thanks to all who replied.

I actually got a result from an old post from vger.

i had to force SSL in my htaccess file in admin folder.

Now i get a can not connect on http admin page and ssl connection on https admin .

 

Thanks again

 

www.stasm.com

surfing margaret river

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...