Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How Can I Secure That Admin Folder...


MindTattoos

Recommended Posts

Posted

Hi All,

I am having an Admin SSL security problem: I want to secure the admin access through SSL.

 

My host has enabled SSL on my server and the catalogue secures itself nicely with account logins etc. However, I can’t get my admin panel to work through SSL though.

 

The admin tool is password protected prompts/allows access properly but I can’t get it to work through the SSL url of my site.

 

(BOLD = I have changed the address for security) :blush:

 

I got instructions to put; SSLRequireSSL at the beginning of my htaccess file but it just gives me an error code. (which I was told it’s supposed to do until you modify the configure.php to:

define('HTTP_SERVER','https://www.MySITE.co.uk'); but this did not work.

 

In have this in the htaccess file from the admin folder:

 

AuthUserFile /home/USER/MYSITE/htdocs/MYSITE/catalog/admin/.htpasswd

AuthName "OSC ADMIN"

AuthType Basic

require valid-user

 

 

The top of my configure.php looks like this:

 

define('HTTP_SERVER','http://www.MySITE.co.uk');

define('HTTP_CATALOG_SERVER','http://MySITE.co.uk');

define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net'); define('ENABLE_SSL_CATALOG','true');

define('DIR_FS_DOCUMENT_ROOT','/home/USER/MySITE/htdocs/ MySITE ');

define('DIR_WS_ADMIN','/catalog/admin/');

 

Is it something to do with the fact the SSL part of my domain has a different access URL?

 

I got instructions to put; SSLRequireSSL at the beginning of my htaccess file but it just gives me an error code. (which I was told it’s supposed to do until you modify the configure.php to:

define('HTTP_SERVER','https://www.MySITE.co.uk');

 

Any ideas?

 

Thanks in advance. :thumbsup:

Chris :'(

Posted

You may be confusing ssl and securing a section of the site. The ssl will protect the data in admin from being seen as it is trasmitted across the Internet. But it won't prevent anyone from just going into your admin section to view that information. To do that, you need to use the .htaccess method you mention. Most hosts have a way to do that from their control panel. For the ssl, change all three instances of http in admin/includes/configure.php to https and set the enable ssl to true and that should work.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted
You may be confusing ssl and securing a section of the site.

 

Jack

 

Hi Jack,

Thanks for the help.

I understand that SSL 'only' secures data in transmission but I probably worded it badly - it was late last night when I posted.

 

What I am trying to accomplish is to protect the data between 'Me' and the admin area with SSL and make sure the Admin area is only available over the secure server. I was following instructions from David Mercers book 'Building online stores with OsCommerce' - he insists that the admin directory should be secured.

Unfortunatly, I have followed the exact method outlayed in the book but my 'Admin tool' does not use the secure connection (No padlock in I.E 7).

 

More ideas anyone?

Chris :blink:

Posted
Did you change the settings in the admin/includes/configure.php file? The ones you posted are incorrect.

 

Jack

 

Hi Jack

I tried them as they are and I also tried them as follows:

 

define('HTTP_SERVER','https://www.MySITE.co.uk');

define('HTTP_CATALOG_SERVER','http://MySITE.co.uk');

define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net'); define('ENABLE_SSL_CATALOG','true');

define('DIR_FS_DOCUMENT_ROOT','/home/USER/MySITE/htdocs/ MySITE ');

define('DIR_WS_ADMIN','/catalog/admin/');

 

but this still did not work... I am pretty sure the fault is here rather than the htaccess doc but i have no idea why it won't work.

 

Any ideas?

Thanks Chris :'(

Posted

From above, I mentioned needing to change the three http's to https's. So try changing this

define('HTTP_SERVER','https://www.MySITE.co.uk');
define('HTTP_CATALOG_SERVER','http://MySITE.co.uk');
define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net');

to this

define('HTTP_SERVER','https://www.MySITE.co.uk');
define('HTTP_CATALOG_SERVER','https://MySITE.co.uk');
define('HTTPS_CATALOG_SERVER','https://SSLMySITEsystems.net');

You also have to change the domain name to match for each. I have no way of knowing which is correct, although I assume the last one, so you will have to find that out.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...