d4funky1 Posted June 30, 2007 Posted June 30, 2007 Hi, I have a dedicated SSL cert that runs completely through my site. I would now like to change this so that only the checkout pages are secured by it. Is there a way in which I can assign the particular pages i want securing and leave the others unsecure? Many Thanks. D4
d4funky1 Posted June 30, 2007 Author Posted June 30, 2007 okay, having spoke to my host it appears that they can only apply the cert to the domain name. They mentioned however, the possibility of a script that can be used to enable the sert to only come into affect on certain pages ie: all checkout_ and login pages Does anyone know of such a script that can be used? Many Thanks D4
ozEworks Posted June 30, 2007 Posted June 30, 2007 Unless you changed the script, osCommerce only does use SSL for these pages. Maybe you did something in your configure.php file? Did you put https for the non-ssl reference?
d4funky1 Posted June 30, 2007 Author Posted June 30, 2007 not sure here it is: <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.fancydressretail.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.fancydressretail.co.uk'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.fancydressretail.co.uk/'); define('HTTPS_COOKIE_DOMAIN', 'www.fancydressretail.co.uk/'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); if ($request_type = 'SSL'){ define('DIR_WS_IMAGES', 'images/'); } else { define('DIR_WS_IMAGES', 'images/'); } //Added for BTS1.0 define('DIR_WS_TEMPLATES', 'templates/'); define('DIR_WS_CONTENT', DIR_WS_TEMPLATES . 'content/'); define('DIR_WS_JAVASCRIPT', DIR_WS_INCLUDES . 'www.fancydressretail.co.uk/javascript/'); //End BTS1.0 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/kunden/homepages/26/d198638006/htdocs/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'db837.oneandone.co.uk'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'dbo198681683'); define('DB_SERVER_PASSWORD', 'AsjVZMgA'); define('DB_DATABASE', 'db198681683'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> Can you shed any light on this for me?
ozEworks Posted June 30, 2007 Posted June 30, 2007 You should not have posted all that detail as you have given the world your database access details. If you have time, edit the post. If not change your database password.
ozEworks Posted June 30, 2007 Posted June 30, 2007 If I try and go to http:// it forces me to https:// so do you have a redirect in your .htaccess file? If I click on a traditional non-ssl page, it is not ssl.
d4funky1 Posted June 30, 2007 Author Posted June 30, 2007 shit shit shit shit shit be right back here's the .htaccess file it's the last three lines i was told to put in # $Id: .htaccess,v 3.0 2005/02/02 13:57:00 wilt Exp $ # Author: Michael R. Bryant [email protected] # # This is used with Apache WebServers # # For this to work, you must include the parameter 'Options' to # the AllowOverride configuration # # Example: # # <Directory "/usr/local/apache/htdocs"> # AllowOverride Options # </Directory> # # 'All' with also work. (This configuration is in the # apache/conf/httpd.conf file) # The following makes adjustments to the SSL protocol for Internet # Explorer browsers <IfModule mod_setenvif.c> <IfDefine SSL> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </IfDefine> </IfModule> # Fix certain PHP values # (commented out by default to prevent errors occuring on certain # servers) <IfModule mod_php4.c> php_value session.use_trans_sid 0 php_value register_globals 1 php_flag display_errors On php_flag track_errors On </IfModule> #CRE_SEO Install Begin DirectoryIndex index.php default.php Options +FollowSymLinks RewriteEngine on RewriteBase / #cre SEO check for images and skip all the other rules for performance reasons only RewriteRule ^.*\.gif|\.jpg|\.png|\.css|\.php$ - [L] # cre SEO reformats for product_info.html pages RewriteRule ^m([0-9]+_?[0-9]*)/?(.*)/p([0-9]+_?[0-9]*)/(.*)/product_info\.html$ product_info.php?manufacturers_id=$1&products_id=$3 [QSA,L] RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/product_info\.html$ product_info.php?products_id=$1 [QSA,L] RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/product_info\.html$ product_info.php?cPath=$2&products_id=$3 [QSA,L] # cre SEO reformat for index.html pages RewriteRule ^m([0-9]+_?[0-9]*)/?(.*)/p([0-9]+_?[0-9]*)/(.*)/index\.html$ index.php?manufacturers_id=$1&products_id=$3 [QSA,L] RewriteRule ^m([0-9]+_?[0-9]*)/(.*)/index\.html$ index.php?manufacturers_id=$1 [QSA,L] RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/index\.html$ index.php?cPath=$2&products_id=$3 [QSA,L] RewriteRule ^(.*)/c([^/]*)/index\.html$ index.php?cPath=$2 [QSA,L] # cre SEO reformat for information.html pages RewriteRule ^i([0-9]+_?[0-9]*)/(.*)/information\.html$ information.php?info_id=$1 [QSA,L] # cre SEO reformat for pages.html pages RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/pages\.html$ pages.php?pID=$1 [QSA,L] RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/pages\.html$ pages.php?cID=$2&pID=$3 [QSA,L] RewriteRule ^(.*)/c([^/]*)/pages\.html$ pages.php?cID=$2 [QSA,L] # cre SEO reformat for articles.html pages RewriteRule ^(.*)/t([^/]*)/a([0-9]+_?[0-9]*)/(.*)/articles\.html$ articles.php?tPath=$2&articles_id=$3 [QSA,L] RewriteRule ^(.*)/t([^/]*)/articles\.html$ articles.php?tPath=$2 [QSA,L] # cre SEO reformat for article_info.html pages RewriteRule ^a([0-9]+_?[0-9]*)/(.*)/article_info\.html$ article_info.php?articles_id=$1 [QSA,L] RewriteRule ^(.*)/t([^/]*)/article_info\.html$ article_info.php?tPath=$2 [QSA,L] # cre SEO reformats for product_reviews.html pages RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/product_reviews\.html$ product_reviews.php?products_id=$1 [QSA,L] RewriteRule ^(.*)/c([^/]*)/p([0-9]+_?[0-9]*)/(.*)/product_reviews\.html$ product_reviews.php?products_id=$3 [QSA,L] # cre SEO reformats for product_reviews_info.html pages RewriteRule ^p([0-9]+_?[0-9]*)/(.*)/review([0-9]+_?[0-9]*)/product_reviews_info\.html$ product_reviews_info.php?products_id=$1&reviews_id=$3 [QSA,L] #cre SEO catch all in case other rules did not match RewriteRule ^(product_info|index|information|pages|articles|article_info|product_reviews|p roduct_reviews_info)\.html$ $1.php [QSA,L] RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://www.fancydressretail.co.uk/$1 [R]
d4funky1 Posted June 30, 2007 Author Posted June 30, 2007 Phew, Changed the db p/word Hope that's enough
ozEworks Posted June 30, 2007 Posted June 30, 2007 I have never seen that kind of rewrite instruction targetting SSL like that. Who told you to add it? Did you try and just remove it and see what it does.
d4funky1 Posted June 30, 2007 Author Posted June 30, 2007 not yet this was advised by my host 1and1 and i was directed to there faq which states: How to set up a website that is only accessible using SSL. (https://) You should first have a SSL certificate installed on your domain. Create a file named .htaccess in the directory your domain is pointing to and place the following code: RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://www.domaim.com/$1 [R] (substitute www.domain.com with your domain) Tip Domains can have SSL certificates installed on www.domain.com or just domain.com. Please check what you have and then substitute it accordingly. (https://www.domaim.com/$1 [R] or https://domaim.com/$1 [R]) Would you suggest it? Many Thanks
ozEworks Posted June 30, 2007 Posted June 30, 2007 remove it and see if your standard SSL works. if not, and, it may not given this is 1and1 hosting, there is a patch to fix it for 1and1 hosted sites somewhere here on the forum.
d4funky1 Posted June 30, 2007 Author Posted June 30, 2007 BINGO Exactly what i wanted to achieve Many Thanks for all your help The reason for this: get my google pagerank back. D4
d4funky1 Posted July 1, 2007 Author Posted July 1, 2007 Ahhh! Maybe not, The site seems to work well but when i click to login or checkout i am presented with a 404 error? Any ideas? Many Thanks D4
krz2fer Posted July 26, 2007 Posted July 26, 2007 not yet this was advised by my host 1and1 and i was directed to there faq which states:Would you suggest it? Many Thanks I am having this same issue with 1and1 - did you get this resolved? If so, how? Those 3 lines of code for the htaccess make my store functionality broken (can't sign up new user, can't do other things properly).
Recommended Posts
Archived
This topic is now archived and is closed to further replies.