MindTattoos Posted June 25, 2007 Posted June 25, 2007 Hi All, I am having an Admin SSL security problem: I want to secure the admin access through SSL. My host has enabled SSL on my server and the catalogue secures itself nicely with account logins etc. However, I can’t get my admin panel to work through SSL though. The admin tool is password protected prompts/allows access properly but I can’t get it to work through the SSL url of my site. (BOLD = I have changed the address for security) :blush: I got instructions to put; SSLRequireSSL at the beginning of my htaccess file but it just gives me an error code. (which I was told it’s supposed to do until you modify the configure.php to: define('HTTP_SERVER','https://www.MySITE.co.uk'); but this did not work. In have this in the htaccess file from the admin folder: AuthUserFile /home/USER/MYSITE/htdocs/MYSITE/catalog/admin/.htpasswd AuthName "OSC ADMIN" AuthType Basic require valid-user The top of my configure.php looks like this: define('HTTP_SERVER','http://www.MySITE.co.uk'); define('HTTP_CATALOG_SERVER','http://MySITE.co.uk'); define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net'); define('ENABLE_SSL_CATALOG','true'); define('DIR_FS_DOCUMENT_ROOT','/home/USER/MySITE/htdocs/ MySITE '); define('DIR_WS_ADMIN','/catalog/admin/'); Is it something to do with the fact the SSL part of my domain has a different access URL? I got instructions to put; SSLRequireSSL at the beginning of my htaccess file but it just gives me an error code. (which I was told it’s supposed to do until you modify the configure.php to: define('HTTP_SERVER','https://www.MySITE.co.uk'); Any ideas? Thanks in advance. :thumbsup: Chris :'(
Jack_mcs Posted June 26, 2007 Posted June 26, 2007 You may be confusing ssl and securing a section of the site. The ssl will protect the data in admin from being seen as it is trasmitted across the Internet. But it won't prevent anyone from just going into your admin section to view that information. To do that, you need to use the .htaccess method you mention. Most hosts have a way to do that from their control panel. For the ssl, change all three instances of http in admin/includes/configure.php to https and set the enable ssl to true and that should work. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
MindTattoos Posted June 26, 2007 Author Posted June 26, 2007 You may be confusing ssl and securing a section of the site. Jack Hi Jack, Thanks for the help. I understand that SSL 'only' secures data in transmission but I probably worded it badly - it was late last night when I posted. What I am trying to accomplish is to protect the data between 'Me' and the admin area with SSL and make sure the Admin area is only available over the secure server. I was following instructions from David Mercers book 'Building online stores with OsCommerce' - he insists that the admin directory should be secured. Unfortunatly, I have followed the exact method outlayed in the book but my 'Admin tool' does not use the secure connection (No padlock in I.E 7). More ideas anyone? Chris :blink:
Jack_mcs Posted June 27, 2007 Posted June 27, 2007 Did you change the settings in the admin/includes/configure.php file? The ones you posted are incorrect. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
MindTattoos Posted June 28, 2007 Author Posted June 28, 2007 Did you change the settings in the admin/includes/configure.php file? The ones you posted are incorrect. Jack Hi Jack I tried them as they are and I also tried them as follows: define('HTTP_SERVER','https://www.MySITE.co.uk'); define('HTTP_CATALOG_SERVER','http://MySITE.co.uk'); define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net'); define('ENABLE_SSL_CATALOG','true'); define('DIR_FS_DOCUMENT_ROOT','/home/USER/MySITE/htdocs/ MySITE '); define('DIR_WS_ADMIN','/catalog/admin/'); but this still did not work... I am pretty sure the fault is here rather than the htaccess doc but i have no idea why it won't work. Any ideas? Thanks Chris :'(
Jack_mcs Posted June 29, 2007 Posted June 29, 2007 From above, I mentioned needing to change the three http's to https's. So try changing this define('HTTP_SERVER','https://www.MySITE.co.uk'); define('HTTP_CATALOG_SERVER','http://MySITE.co.uk'); define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net'); to this define('HTTP_SERVER','https://www.MySITE.co.uk'); define('HTTP_CATALOG_SERVER','https://MySITE.co.uk'); define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net'); You also have to change the domain name to match for each. I have no way of knowing which is correct, although I assume the last one, so you will have to find that out. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Recommended Posts
Archived
This topic is now archived and is closed to further replies.