dr_lucas Posted March 14, 2014 Share Posted March 14, 2014 I was browsing a few threads here today, all said it's not possible to force SSL on specific page via .htaccess Was trying to respond, but unfortunately the topic are archived and no longer accept responses (why archived? even a topic from 2011!?) Anyway, it is possible to do that via .htaccess, just add these lines to the very bottom of your catalog/.htaccess and always be sure to leave at least 1 blank line at the end of the .htaccess file: # Force SSL on specific pages <IfModule mod_rewrite.c> RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} ^/(login\.php|create_account\.php|checkout_shipping\.php|checkout_payment\.php|checkout_confirmation\.php) RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L] </IfModule> Did I help you? Click "Like" or "Thanks"! It's free of charge. :)My contributions:Total Configuration (newly updated 07/2018, for both osC 2.2 and 2.3.4.1 BS Frozen CE)User Tracking with Admin 1.0 (newly updated 07/2018)FedEx - Web Services v9, FAQ System , Who's Online Enhancement, Order Editor, MoneyBookers IPN, Ship in Cart (MS2), Admin Products Paging, Margin Report v1.00, 2Checkout INS / IPN (Instant Notification System) for MS2.2, Visitor Web Stats, Time Zone Offset - Adjust to match your location, Category Meta Tags Link to comment Share on other sites More sharing options...
♥14steve14 Posted March 14, 2014 Share Posted March 14, 2014 I thought that a correctly set up oscommerce cart used https on those pages if you had a ssl certificate and set up both of the configure files correctly. May be I was wrong and this is needed, but I don't think I am. REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
dr_lucas Posted March 14, 2014 Author Share Posted March 14, 2014 While this may be the case, many stores are configured differently, have templates with hard coded http (instead of https) links, etc. Also some people, for any reason, may try to or be able to manually remove the https from the URL and connect to certain pages via http instead. Using this method, you ensure that this will no longer be possible. Besides, the code is easily modifiable to include or exclude from forcing-SSL any page the store admin wants by changing: RewriteCond %{REQUEST_URI} ^/(login\.php|create_account\.php|checkout_shipping\.php|checkout_payment\.php|checkout_confirmation\.php) For example, to RewriteCond %{REQUEST_URI} ^/(advanced_search_results\.php) # Will force SSL on advanced_search.results.php Did I help you? Click "Like" or "Thanks"! It's free of charge. :)My contributions:Total Configuration (newly updated 07/2018, for both osC 2.2 and 2.3.4.1 BS Frozen CE)User Tracking with Admin 1.0 (newly updated 07/2018)FedEx - Web Services v9, FAQ System , Who's Online Enhancement, Order Editor, MoneyBookers IPN, Ship in Cart (MS2), Admin Products Paging, Margin Report v1.00, 2Checkout INS / IPN (Instant Notification System) for MS2.2, Visitor Web Stats, Time Zone Offset - Adjust to match your location, Category Meta Tags Link to comment Share on other sites More sharing options...
T. Thomas Posted March 15, 2014 Share Posted March 15, 2014 It is possible to force SSL on all pages (which would be best) just configure it in your configure.php files includes/configure.php define('HTTP_SERVER', 'https://yoursite.com'); define('HTTPS_SERVER', 'https://yoursite.com'); define('ENABLE_SSL', true); admin/includes/configure.php define('HTTP_SERVER', 'https://yoursite.com'); define('HTTP_CATALOG_SERVER', 'https://yoursite.com'); define('HTTPS_CATALOG_SERVER', 'https://yoursite.com'); define('ENABLE_SSL_CATALOG', true); The important part of this code is the 'https://yoursite.com' for HTTP_SERVER not just the HTTPS_SERVER. This forces HTTPS even when the user types in a plan http address or the link is hard coded. Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 15, 2014 Share Posted March 15, 2014 @@14steve14 This fix has been around for a while. It is considered a security error because the url will work in non-ssl mode, which means the data entered would not be encrypted. I don't think anyone would deliberately change the url but purchased templates are notorious for adding links to those pages that do not use ssl. @T. Thomas That will work but is a bad idea. The reasons have been stated a number of times in various threads here on the forums if you want to look those up. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.